diff options
author | Prasad J Pandit <pjp@fedoraproject.org> | 2017-03-07 12:51:47 +0530 |
---|---|---|
committer | Riku Voipio <riku.voipio@linaro.org> | 2017-05-29 14:56:08 +0300 |
commit | b936cb50aacf3cccf5d2363095c6547eb709583a (patch) | |
tree | 1ed3f3324999739613e0608b8c85ebb5ae61516b /linux-user/syscall.c | |
parent | c4e316cfb5e3f4b58d5d6fb6cb6c2279a5c3229a (diff) | |
download | qemu-b936cb50aacf3cccf5d2363095c6547eb709583a.zip qemu-b936cb50aacf3cccf5d2363095c6547eb709583a.tar.gz qemu-b936cb50aacf3cccf5d2363095c6547eb709583a.tar.bz2 |
linux-user: allocate heap memory for execve arguments
Arguments passed to execve(2) call from user program could
be large, allocating stack memory for them via alloca(3) call
would lead to bad behaviour. Use 'g_new0' to allocate memory
for such arguments.
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Diffstat (limited to 'linux-user/syscall.c')
-rw-r--r-- | linux-user/syscall.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 32aba19..c8f6efc 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -7985,8 +7985,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, envc++; } - argp = alloca((argc + 1) * sizeof(void *)); - envp = alloca((envc + 1) * sizeof(void *)); + argp = g_new0(char *, argc + 1); + envp = g_new0(char *, envc + 1); for (gp = guest_argp, q = argp; gp; gp += sizeof(abi_ulong), q++) { @@ -8047,6 +8047,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, break; unlock_user(*q, addr, 0); } + + g_free(argp); + g_free(envp); } break; case TARGET_NR_chdir: |