Le 27/07/2017 à 04:42, Philippe Mathieu-Daudé a écrit : > linux-user/syscall.c:555:25: warning: Out of bound memory access (accessed > memory precedes memory block) > target_fd_trans[fd] = trans; > ~~~~~~~~~~~~~~~~~~~~^~~~~~~ > > Reported-by: Clang Static Analyzer > Suggested-by: Laurent Vivier <lviv...@redhat.com> > Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Laurent Vivier <laur...@vivier.eu>
> ---
> linux-user/syscall.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 81f52f7483..dfc1301e63 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -11742,7 +11742,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long
> arg1,
> #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
> case TARGET_NR_inotify_init:
> ret = get_errno(sys_inotify_init());
> - fd_trans_register(ret, &target_inotify_trans);
> + if (ret >= 0) {
> + fd_trans_register(ret, &target_inotify_trans);
> + }
> break;
> #endif
> #ifdef CONFIG_INOTIFY1
> @@ -11750,7 +11752,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long
> arg1,
> case TARGET_NR_inotify_init1:
> ret = get_errno(sys_inotify_init1(target_to_host_bitmask(arg1,
> fcntl_flags_tbl)));
> - fd_trans_register(ret, &target_inotify_trans);
> + if (ret >= 0) {
> + fd_trans_register(ret, &target_inotify_trans);
> + }
> break;
> #endif
> #endif
> @@ -11916,7 +11920,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long
> arg1,
> #if defined(TARGET_NR_eventfd)
> case TARGET_NR_eventfd:
> ret = get_errno(eventfd(arg1, 0));
> - fd_trans_register(ret, &target_eventfd_trans);
> + if (ret >= 0) {
> + fd_trans_register(ret, &target_eventfd_trans);
> + }
> break;
> #endif
> #if defined(TARGET_NR_eventfd2)
> @@ -11930,7 +11936,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long
> arg1,
> host_flags |= O_CLOEXEC;
> }
> ret = get_errno(eventfd(arg1, host_flags));
> - fd_trans_register(ret, &target_eventfd_trans);
> + if (ret >= 0) {
> + fd_trans_register(ret, &target_eventfd_trans);
> + }
> break;
> }
> #endif
>
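Review bot: The `if (ret >= 0)` guard added in the inotify_init hunk is repeated verbatim in the inotify_init1, eventfd and eventfd2 hunks, while the indexing the analyzer flagged (`target_fd_trans[fd] = trans;`) sits in fd_trans_register, outside this diff. get_errno() appears to turn a failed host call into a negative value, so any caller that omits the guard writes before the start of the table, and a failing inotify/eventfd call is presumably something a guest program can cause. The check is therefore better enforced once where the index is used, e.g. `if (fd < 0) { return; }` at the top of fd_trans_register, or an assertion there if the call-site guards are kept. The remaining fd_trans_register callers in do_syscall are not visible here and deserve the same audit; the do_syscall body starts and ends outside all four hunks.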