From: Laurent Vivier <laur...@vivier.eu> if we process the whole buffer, the netlink helpers can try to swap invalid data.
Signed-off-by: Laurent Vivier <laur...@vivier.eu> Signed-off-by: Riku Voipio <riku.voi...@linaro.org> Reviewed-by: Peter Maydell <peter.mayd...@linaro.org> --- linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 33409c0..4b0d791 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2991,7 +2991,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, len = ret; if (fd_trans_host_to_target_data(fd)) { ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base, - msg.msg_iov->iov_len); + len); } else { ret = host_to_target_cmsg(msgp, &msg); } -- 2.1.4