From: Peter Maydell <peter.mayd...@linaro.org>
In do_msgrcv() we want to allocate a message buffer, whose size
is passed to us by the guest. That means we could legitimately
fail, so use g_try_malloc() and handle the error case, in the same
way that do_msgsnd() does.
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Riku Voipio <riku.voi...@linaro.org>
---
linux-user/syscall.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index cec5b80..40e8742 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3167,7 +3167,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long
msgp,
if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
return -TARGET_EFAULT;
- host_mb = g_malloc(msgsz+sizeof(long));
+ host_mb = g_try_malloc(msgsz + sizeof(long));
+ if (!host_mb) {
+ ret = -TARGET_ENOMEM;
+ goto end;
+ }
ret = get_errno(msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg));
if (ret > 0) {
--
2.1.4
