Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()

[Remi Denis Courmont]

Hi,

I don't think that len == 0 is a sufficient condition to eliminate integer 
overflow. It only ensures that size - 1 is a positive quantity.

________________________________________
De : Laurent Vivier [laur...@vivier.eu]
Envoyé : jeudi 14 février 2019 11:22
À : Rémi Denis-Courmont; qemu-devel@nongnu.org
Cc : Remi Denis Courmont
Objet : Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()

On 08/02/2019 19:33, Laurent Vivier wrote:
> On 08/02/2019 18:35, Rémi Denis-Courmont wrote:
>> This works around the LTP crash, but there are problably better ways to
>> go about it.
>>
>> Signed-off-by: Rémi Denis-Courmont <r...@remlab.net>
>> Cc: <lviv...@redhat.com>
>> ---
>>  linux-user/qemu.h | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
>> index ef400cb78a..1d222a0cce 100644
>> --- a/linux-user/qemu.h
>> +++ b/linux-user/qemu.h
>> @@ -457,7 +457,8 @@ extern unsigned long guest_stack_size;
>>
>>  static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
>>  {
>> -    return page_check_range((target_ulong)addr, size,
>> +    return guest_addr_valid(addr) && guest_addr_valid(addr + size) &&
>
> I think it should be guest_addr_valid(addr + size - 1).

In fact (len == 0 || guest_addr_valid(addr + size - 1)).

Could you send a new version of your patch?

I've received several mail delivery system errors regarding your email
address r...@remlab.net.

Thanks,
Laurent