diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2016-07-18 15:35:59 +0100 |
---|---|---|
committer | Riku Voipio <riku.voipio@linaro.org> | 2016-09-21 14:25:26 +0300 |
commit | 2ba7fae3bd688f5bb6cb08defc731d77e6bd943c (patch) | |
tree | a2138d834c2f9d056db7c55b26118b554865be46 /linux-user/syscall_defs.h | |
parent | 700fa58e4b9100d6bd77df06d2e5d1f457720c4d (diff) | |
download | qemu-2ba7fae3bd688f5bb6cb08defc731d77e6bd943c.zip qemu-2ba7fae3bd688f5bb6cb08defc731d77e6bd943c.tar.gz qemu-2ba7fae3bd688f5bb6cb08defc731d77e6bd943c.tar.bz2 |
linux-user: Check for bad event numbers in epoll_wait
The kernel checks that the maxevents parameter to epoll_wait
is non-negative and not larger than EP_MAX_EVENTS. Add this
check to our implementation, so that:
* we fail these cases EINVAL rather than EFAULT
* we don't pass negative or overflowing values to the
lock_user() size calculation
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Diffstat (limited to 'linux-user/syscall_defs.h')
-rw-r--r-- | linux-user/syscall_defs.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h index c0e5cb0..5c19c5c 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h @@ -2585,6 +2585,9 @@ struct target_epoll_event { abi_uint events; target_epoll_data_t data; } TARGET_EPOLL_PACKED; + +#define TARGET_EP_MAX_EVENTS (INT_MAX / sizeof(struct target_epoll_event)) + #endif struct target_rlimit64 { uint64_t rlim_cur; |