From: Timothy E Baldwin <t.e.baldwi...@members.leeds.ac.uk>
Check array bounds in host_to_target_errno() and target_to_host_errno().
Signed-off-by: Timothy Edward Baldwin <t.e.baldwi...@members.leeds.ac.uk>
Message-id: 1441497448-32489-2-git-send-email-t.e.baldwi...@members.leeds.ac.uk
[PMM: Add a lower-bound check, use braces on if(), tweak commit message]
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
---
This is a bugfix patch fished out of Timothy's signal-race-fixes
patch series. We had a previous go-around doing this with unsigned
integers, but that doesn't work.
linux-user/syscall.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 9517531..f9dcdd4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -617,15 +617,19 @@ static uint16_t
host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
static inline int host_to_target_errno(int err)
{
- if(host_to_target_errno_table[err])
+ if (err >= 0 && err < ERRNO_TABLE_SIZE &&
+ host_to_target_errno_table[err]) {
return host_to_target_errno_table[err];
+ }
return err;
}
static inline int target_to_host_errno(int err)
{
- if (target_to_host_errno_table[err])
+ if (err >= 0 && err < ERRNO_TABLE_SIZE &&
+ target_to_host_errno_table[err]) {
return target_to_host_errno_table[err];
+ }
return err;
}
--
1.9.1
