diff options
| author | Icenowy Zheng <uwu@icenowy.me> | 2022-10-28 16:12:20 +0800 |
|---|---|---|
| committer | Laurent Vivier <laurent@vivier.eu> | 2022-11-02 17:29:17 +0100 |
| commit | 16c81dd563b94e9392a578ccf5aa762d01e8f165 (patch) | |
| tree | 47691648eb5f4ee0a7e8e359f830f296c1b79d91 /linux-user/syscall.c | |
| parent | 8b95210fcb2330dd3b682ff3a5a734881baa8bef (diff) | |
| download | qemu-16c81dd563b94e9392a578ccf5aa762d01e8f165.zip qemu-16c81dd563b94e9392a578ccf5aa762d01e8f165.tar.gz qemu-16c81dd563b94e9392a578ccf5aa762d01e8f165.tar.bz2 | |
linux-user: always translate cmsg when recvmsg
It's possible that a message contains both normal payload and ancillary
data in the same message, and even if no ancillary data is available
this information should be passed to the target, otherwise the target
cmsghdr will be left uninitialized and the target is going to access
uninitialized memory if it expects cmsg.
Always call the function that translate cmsg when recvmsg, because that
function should be empty-cmsg-safe (it creates an empty cmsg in the
target).
Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20221028081220.1604244-1-uwu@icenowy.me>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Diffstat (limited to 'linux-user/syscall.c')
| -rw-r--r-- | linux-user/syscall.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 8b18adf..24b2575 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3353,7 +3353,8 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, if (fd_trans_host_to_target_data(fd)) { ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base, MIN(msg.msg_iov->iov_len, len)); - } else { + } + if (!is_error(ret)) { ret = host_to_target_cmsg(msgp, &msg); } if (!is_error(ret)) { |