From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Riku Voipio, Laurent Vivier, patches@linaro.org
Date: Fri, 18 May 2018 19:47:15 +0100
Message-Id: <20180518184715.29833-1-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH] linux-user: Fix payload size logic in host_to_target_cmsg()

Coverity points out that there's a missing break in the switch in host_to_target_cmsg() where we update tgt_len for cmsg_level/cmsg_type combinations which require a different length for host and target (CID 1385425). To avoid duplicating the default case (target length same as host) in both switches, set that before the switch so that only the cases which want to override it need any code.

This fixes a bug where we would have used the wrong length for SOL_SOCKET/SO_TIMESTAMP messages where the target and host have differently sized 'struct timeval' (ie one is 32 bit and the other is 64 bit).

Signed-off-by: Peter Maydell
Reviewed-by: Laurent Vivier

--- linux-user/syscall.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index af8603f1b7..88d166cdff 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1825,6 +1825,7 @@ static inline abi_long host_to_target_cmsg(struct tar= get_msghdr *target_msgh, /* Payload types which need a different size of payload on * the target must adjust tgt_len here. */ + tgt_len =3D len; switch (cmsg->cmsg_level) { case SOL_SOCKET: switch (cmsg->cmsg_type) { 
@@ -1834,8 +1835,8 @@ static inline abi_long host_to_target_cmsg(struct tar= get_msghdr *target_msgh, default: break; } + break; default: - tgt_len =3D len; break; } =20 --=20 2.17.0
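
Review bot: In the first hunk (@@ -1825), the new `tgt_len = len;` sits between the comment "Payload types which need a different size of payload on the target must adjust tgt_len here" and the `switch (cmsg->cmsg_level)` that comment describes, so the comment now appears to document the default assignment. Suggest either moving the assignment above the comment or extending the comment to say that tgt_len defaults to the host length and the cases in the switch only override it, which keeps the intent clear for whoever adds the next cmsg_level/cmsg_type pair.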
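
Review bot: In the second hunk (@@ -1834), the added `break;` after the inner `switch (cmsg->cmsg_type)` stops `case SOL_SOCKET:` from falling into the outer `default:`, but the diffstat shows only linux-user/syscall.c changing, so nothing would catch the same fall-through if it is reintroduced. A regression test that receives an SO_TIMESTAMP control message where target and host differ in 'struct timeval' size (the case the commit message names) and checks the length reported to the target would cover it. Both `default:` arms are now a bare `break;`; keeping them is fine, but a short comment on the outer one saying the host length set before the switch applies would make clear that the empty arm is intentional.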