aboutsummaryrefslogtreecommitdiff
path: root/linux-user
diff options
context:
space:
mode:
authorLaurent Vivier <laurent@vivier.eu>2015-10-06 01:20:48 +0200
committerRiku Voipio <riku.voipio@linaro.org>2016-01-08 11:36:13 +0200
commit3e24bb3f1277ee25743f0a3274306080df80da2c (patch)
treea94ab664d729ab6e30ca6ef68b7add653061a3d7 /linux-user
parent928bed6a057cedd6110e634865e021a24029785a (diff)
downloadqemu-3e24bb3f1277ee25743f0a3274306080df80da2c.zip
qemu-3e24bb3f1277ee25743f0a3274306080df80da2c.tar.gz
qemu-3e24bb3f1277ee25743f0a3274306080df80da2c.tar.bz2
linux-user: in poll(), if nfds is 0, pfd can be NULL
This problem appears with yum in Fedora 20 / PPC64 container. test case: #include <stdio.h> #include <poll.h> int main(void) { int ret; ret = poll(NULL, 0, 1000); printf("%d\n", ret); } target test environment: Fedora 20 / PPC64 host test environment: Ubuntu 14.0.2 / x86_64 original test result: -1 13451 poll(0,0,1000,274886297496,268566664,268566648) = -1 errno=14 (Bad address) patched test result: 0 13536 poll(0,0,1000,274886297496,268566664,268566648) = 0 Signed-off-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Diffstat (limited to 'linux-user')
-rw-r--r--linux-user/syscall.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8fa8e0c..c216966 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8046,14 +8046,20 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
struct pollfd *pfd;
unsigned int i;
- target_pfd = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_pollfd) * nfds, 1);
- if (!target_pfd)
- goto efault;
+ pfd = NULL;
+ target_pfd = NULL;
+ if (nfds) {
+ target_pfd = lock_user(VERIFY_WRITE, arg1,
+ sizeof(struct target_pollfd) * nfds, 1);
+ if (!target_pfd) {
+ goto efault;
+ }
- pfd = alloca(sizeof(struct pollfd) * nfds);
- for(i = 0; i < nfds; i++) {
- pfd[i].fd = tswap32(target_pfd[i].fd);
- pfd[i].events = tswap16(target_pfd[i].events);
+ pfd = alloca(sizeof(struct pollfd) * nfds);
+ for (i = 0; i < nfds; i++) {
+ pfd[i].fd = tswap32(target_pfd[i].fd);
+ pfd[i].events = tswap16(target_pfd[i].events);
+ }
}
# ifdef TARGET_NR_ppoll