diff options
| author | Stephen Long <steplong@quicinc.com> | 2020-05-07 06:03:02 -0700 |
|---|---|---|
| committer | Laurent Vivier <laurent@vivier.eu> | 2020-10-23 14:21:15 +0200 |
| commit | d9a5eba477e7ed7183a6d417755790d6ecf22cad (patch) | |
| tree | 9b0c8ba5f23fef7f02e788ff1662a01da66c8762 /linux-user/syscall.c | |
| parent | 4c5b97bfd0dd54dc27717ae8d1cd10e14eef1430 (diff) | |
| download | qemu-d9a5eba477e7ed7183a6d417755790d6ecf22cad.zip qemu-d9a5eba477e7ed7183a6d417755790d6ecf22cad.tar.gz qemu-d9a5eba477e7ed7183a6d417755790d6ecf22cad.tar.bz2 | |
Fix stack smashing when handling PR_GET_PDEATHSIG
The bug was triggered by the following code on aarch64-linux-user:
int main(void)
{
int PDeathSig = 0;
if (prctl(PR_GET_PDEATHSIG, &PDeathSig) == 0 && PDeathSig == SIGKILL)
prctl(PR_GET_PDEATHSIG, 0);
return (PDeathSig == SIGKILL);
}
Signed-off-by: Stephen Long <steplong@quicinc.com>
Signed-off-by: Ana Pazos <apazos@quicinc.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200507130302.3684-1-steplong@quicinc.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Diffstat (limited to 'linux-user/syscall.c')
| -rw-r--r-- | linux-user/syscall.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 897d20c..3e0f14f 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -10703,7 +10703,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, int deathsig; ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5)); if (!is_error(ret) && arg2 - && put_user_ual(deathsig, arg2)) { + && put_user_s32(deathsig, arg2)) { return -TARGET_EFAULT; } return ret; |