Since we adjust the length of the addrlen by up to 1 to cope with the off-by-one errors that plague unix domain sockets, we need to add 1 to the length we alloc off the stack to account for this. It's not common to sendto/recvfrom a UNIX domain socket, but it is possible.
Signed-off-by: Warner Losh <[email protected]> --- bsd-user/bsd-socket.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bsd-user/bsd-socket.h b/bsd-user/bsd-socket.h index 578cc3959d..d85dec59c0 100644 --- a/bsd-user/bsd-socket.h +++ b/bsd-user/bsd-socket.h @@ -198,7 +198,7 @@ static inline abi_long do_bsd_sendto(int fd, abi_ulong msg, size_t len, host_msg = NULL; } if (target_addr) { - saddr = alloca(addrlen); + saddr = alloca(addrlen + 1); ret = target_to_host_sockaddr(saddr, target_addr, addrlen); if (is_error(ret)) { unlock_user(host_msg, msg, 0); @@ -235,7 +235,7 @@ static inline abi_long do_bsd_recvfrom(int fd, abi_ulong msg, size_t len, ret = -TARGET_EINVAL; goto fail; } - saddr = alloca(addrlen); + saddr = alloca(addrlen + 1); ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, saddr, &addrlen)); } else { -- 2.52.0
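Review bot: In the do_bsd_sendto hunk, `saddr = alloca(addrlen + 1);` sizes a stack allocation from addrlen with no bound visible in the surrounding context lines, and the new `+ 1` adds a wrap case if addrlen can reach the maximum of its type. If addrlen is validated earlier in the function, a short comment pointing at that check would make this line reviewable on its own; if it is not, reject oversized or negative values with -TARGET_EINVAL before the alloca. The `+ 1` itself also deserves a one-line comment naming the length adjustment it pairs with, so the two stay in sync if either changes.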
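Review bot: In the do_bsd_recvfrom hunk, the buffer grows to `addrlen + 1` but the call that follows still passes `&addrlen` to safe_recvfrom, so the host kernel is never told about the extra byte and it stays uninitialized stack. That is fine only if the later conversion back to the target is what may touch `saddr[addrlen]`, which these lines do not show. Please add a comment saying which code path uses the spare byte, and consider zeroing it (or the whole buffer) after the alloca so an adjusted length can never copy uninitialized stack contents out to the guest.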
