diff options
| author | Tom Musta <tommusta@gmail.com> | 2014-08-12 13:53:33 -0500 |
|---|---|---|
| committer | Riku Voipio <riku.voipio@linaro.org> | 2014-08-22 15:06:34 +0300 |
| commit | 5d2fa8ebb4dae0057ed9baab617971dcd5ea493f (patch) | |
| tree | ad944fae2d8f3c3da3fd3aa106d63667986540a6 | |
| parent | 035273440b4d12c6e8b1cf2787778064355d21e2 (diff) | |
| download | qemu-5d2fa8ebb4dae0057ed9baab617971dcd5ea493f.zip qemu-5d2fa8ebb4dae0057ed9baab617971dcd5ea493f.tar.gz qemu-5d2fa8ebb4dae0057ed9baab617971dcd5ea493f.tar.bz2 | |
linux-user: Dereference Pointer Argument to ipc/semctl Sys Call
When the ipc system call is used to wrap a semctl system call,
the ptr argument to ipc needs to be dereferenced prior to passing
it to the semctl handler. This is because the fourth argument to
semctl is a union and not a pointer to a union.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
| -rw-r--r-- | linux-user/syscall.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index fba7fd2..08fdd94 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3140,9 +3140,15 @@ static abi_long do_ipc(unsigned int call, int first, ret = get_errno(semget(first, second, third)); break; - case IPCOP_semctl: - ret = do_semctl(first, second, third, (union target_semun)(abi_ulong) ptr); + case IPCOP_semctl: { + /* The semun argument to semctl is passed by value, so dereference the + * ptr argument. */ + abi_ulong atptr; + get_user_ual(atptr, (abi_ulong)ptr); + ret = do_semctl(first, second, third, + (union target_semun)(abi_ulong) atptr); break; + } case IPCOP_msgget: ret = get_errno(msgget(first, second)); |