authorPrasad J Pandit <pjp@fedoraproject.org>2017-03-07 12:51:47 +0530
committerRiku Voipio <riku.voipio@linaro.org>2017-05-29 14:56:08 +0300
commitb936cb50aacf3cccf5d2363095c6547eb709583a (patch)
tree1ed3f3324999739613e0608b8c85ebb5ae61516b /linux-user
parentc4e316cfb5e3f4b58d5d6fb6cb6c2279a5c3229a (diff)
linux-user: allocate heap memory for execve arguments
Arguments passed to the execve(2) call from a user program could be large; allocating stack memory for them via an alloca(3) call would lead to bad behaviour. Use 'g_new0' to allocate memory for such arguments.

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Diffstat (limited to 'linux-user')
-rw-r--r--linux-user/syscall.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 32aba195c5..c8f6efc89c 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7985,8 +7985,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
envc++;
}
- argp = alloca((argc + 1) * sizeof(void *));
- envp = alloca((envc + 1) * sizeof(void *));
+ argp = g_new0(char *, argc + 1);
+ envp = g_new0(char *, envc + 1);
for (gp = guest_argp, q = argp; gp;
gp += sizeof(abi_ulong), q++) {
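Review bot: `g_new0()` aborts the whole process when the allocation fails, and `argc`/`envc` are counted from guest-supplied pointer arrays, so an oversized argument vector from the guest can now terminate the emulator instead of failing the syscall. Consider `argp = g_try_new0(char *, argc + 1);` (and the same for `envp`), followed by a NULL check that frees whatever was already allocated and returns `-TARGET_ENOMEM`. That check belongs before the copy loop that begins at the end of this hunk, so no guest strings are locked yet when it bails out. The enclosing `do_syscall` case block starts and ends outside the hunk.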
@@ -8047,6 +8047,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
break;
unlock_user(*q, addr, 0);
}
+
+ g_free(argp);
+ g_free(envp);
}
break;
case TARGET_NR_chdir:
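Review bot: The two `g_free()` calls sit at the very end of the case block, so every path that leaves the block after the `g_new0()` allocations must fall through this point. With `alloca()` an early jump out of the block cost nothing, but any such jump between the allocation and this cleanup would now leak both arrays. The code between the two hunks is not visible here, so this should be checked against the full function. A comment above the frees would record the constraint, for example `/* argp/envp are heap-allocated: every exit after g_new0() must reach here, after the unlock loops have walked them */`.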