1. Patchew
  2. QEMU
  3. [PULL 0/4] Linux user for 5.2 patches
  4. View patch

[PULL 4/4] linux-user: Check copy_from_user() return value in vma_dump_size()

Laurent Vivier posted 4 patches 3 years, 7 months ago
Maintainers: "Philippe Mathieu-Daudé" <f4bug@amsat.org>, Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>, Laurent Vivier <laurent@vivier.eu>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Aurelien Jarno <aurelien@aurel32.net>
There is a newer version of this series
[PULL 4/4] linux-user: Check copy_from_user() return value in vma_dump_size()
Posted by Laurent Vivier 3 years, 7 months ago 
From: Peter Maydell <peter.maydell@linaro.org>

Coverity points out that we don't check the return value from
copy_from_user() in vma_dump_size(). This is to some extent
a "can't happen" error since we've already checked the page
with an access_ok() call earlier, but it's simple enough to
handle the error anyway.

Fixes: Coverity CID 1432362
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20201103141532.19912-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/elfload.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index cae41d504d36..0b02a926025e 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3485,7 +3485,9 @@ static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
     if (vma->vma_flags & PROT_EXEC) {
         char page[TARGET_PAGE_SIZE];
 
-        copy_from_user(page, vma->vma_start, sizeof (page));
+        if (copy_from_user(page, vma->vma_start, sizeof (page))) {
+            return 0;
+        }
         if ((page[EI_MAG0] == ELFMAG0) &&
             (page[EI_MAG1] == ELFMAG1) &&
             (page[EI_MAG2] == ELFMAG2) &&
-- 
2.28.0

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.