diff options
| author | Laurent Vivier <laurent@vivier.eu> | 2016-06-16 21:01:36 +0200 |
|---|---|---|
| committer | Riku Voipio <riku.voipio@linaro.org> | 2016-06-26 13:17:22 +0300 |
| commit | 48dc0f2c3d87c74c31a27e1d17dabf26c378b1e8 (patch) | |
| tree | c6d5681cf491bbe9a29a837aa726097ed52c9dbc /linux-user | |
| parent | 84f34b00c8cccfcefbadc45f68036dea957d2153 (diff) | |
| download | qemu-48dc0f2c3d87c74c31a27e1d17dabf26c378b1e8.tar.gz | |
linux-user: fd_trans_host_to_target_data() must process only received data
if we process the whole buffer, the netlink helpers can try
to swap invalid data.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'linux-user')
| -rw-r--r-- | linux-user/syscall.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 33409c01ba..4b0d791104 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2991,7 +2991,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, len = ret; if (fd_trans_host_to_target_data(fd)) { ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base, - msg.msg_iov->iov_len); + len); } else { ret = host_to_target_cmsg(msgp, &msg); } |