While looking for cmsg entries, we want to compare guest pointers to see whether we're at the end of the passed-in array.
However, what we really do is we compare our in-use host pointer with the to-be-the-end guest pointer. This comparison is obviously bogus. Change the comparison to compare guest pointer with guest pointer. Signed-off-by: Alexander Graf <ag...@suse.de> --- linux-user/syscall_defs.h | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h index 92c01a9..8b06a19 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h @@ -214,7 +214,7 @@ __target_cmsg_nxthdr (struct target_msghdr *__mhdr, struct target_cmsghdr *__cms __ptr = (struct target_cmsghdr *)((unsigned char *) __cmsg + TARGET_CMSG_ALIGN (tswapal(__cmsg->cmsg_len))); - if ((unsigned long)((char *)(__ptr+1) - (char *)(size_t)tswapal(__mhdr->msg_control)) + if ((unsigned long)((char *)(h2g(__ptr+1)) - (char *)(size_t)tswapal(__mhdr->msg_control)) > tswapal(__mhdr->msg_controllen)) /* No more entries. */ return (struct target_cmsghdr *)0; -- 1.6.0.2
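Review bot: in the changed `if` line, the result of `h2g(__ptr+1)` is a guest address, yet it is still cast to `char *` and subtracted from another guest address that was also cast to `char *` via `(size_t)tswapal(__mhdr->msg_control)`; the subtraction now compares like with like, which is the point of the patch, but doing it through fake host pointers is undefined pointer arithmetic and hides that this is a bounds check on guest-supplied values. Consider keeping the whole expression in unsigned integer arithmetic, e.g. `if ((unsigned long)(h2g(__ptr+1) - tswapal(__mhdr->msg_control)) > tswapal(__mhdr->msg_controllen))`, so no guest address is ever treated as a host pointer. Since this check is what stops the walk from reading past the guest's control buffer, it is also worth noting in the commit message that the old host-vs-guest comparison made the limit effectively meaningless whenever the guest base offset was non-zero, and that `__ptr` is still derived from the guest's own `cmsg_len` before the check (a `cmsg_len` smaller than the header size leaves `__ptr` at or before `__cmsg`), which this patch does not address.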