diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2011-11-09 19:22:11 +0000 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2011-11-11 12:49:53 -0600 |
commit | 7dd47667b9b0b23807fc1a550644fc2427462f41 (patch) | |
tree | 51f12d2714c9b19fe289fadda9d6732ed0611b09 | |
parent | 096685fc2a955ea17d5363ab452e301be2b43873 (diff) | |
download | qemu-7dd47667b9b0b23807fc1a550644fc2427462f41.zip qemu-7dd47667b9b0b23807fc1a550644fc2427462f41.tar.gz qemu-7dd47667b9b0b23807fc1a550644fc2427462f41.tar.bz2 |
linux-user/elfload.c: Don't memset(NULL..) if malloc() failed
If a malloc() in copy_elf_strings() failed we would call memset()
before the "did malloc fail?" check. Fix this by moving to the
glib alloc/free routines for this memory so we can use g_try_malloc0
rather than having a separate memset(). Spotted by Coverity (see
bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r-- | linux-user/elfload.c | 5 | ||||
-rw-r--r-- | linux-user/linuxload.c | 2 |
2 files changed, 3 insertions, 4 deletions
diff --git a/linux-user/elfload.c b/linux-user/elfload.c index a413976..4635bb2 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -1105,8 +1105,7 @@ static abi_ulong copy_elf_strings(int argc,char ** argv, void **page, offset = p % TARGET_PAGE_SIZE; pag = (char *)page[p/TARGET_PAGE_SIZE]; if (!pag) { - pag = (char *)malloc(TARGET_PAGE_SIZE); - memset(pag, 0, TARGET_PAGE_SIZE); + pag = g_try_malloc0(TARGET_PAGE_SIZE); page[p/TARGET_PAGE_SIZE] = pag; if (!pag) return 0; @@ -1164,7 +1163,7 @@ static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm, info->rss++; /* FIXME - check return value of memcpy_to_target() for failure */ memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE); - free(bprm->page[i]); + g_free(bprm->page[i]); } stack_base += TARGET_PAGE_SIZE; } diff --git a/linux-user/linuxload.c b/linux-user/linuxload.c index 62ebc7e..b47025f 100644 --- a/linux-user/linuxload.c +++ b/linux-user/linuxload.c @@ -178,7 +178,7 @@ int loader_exec(const char * filename, char ** argv, char ** envp, /* Something went wrong, return the inode and free the argument pages*/ for (i=0 ; i<MAX_ARG_PAGES ; i++) { - free(bprm->page[i]); + g_free(bprm->page[i]); } return(retval); } |