We properly computed the capped mask size to be put to the application buffer, but didn't actually used it. Also, we need to return the capped mask size instead of 0 on success.
Signed-off-by: Samuel Thibault <samuel.thiba...@ens-lyon.org> --- Difference from v1: - simplify fix --- linux-user/syscall.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 82b35a6bdf..bcda3362fc 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -10493,7 +10493,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, ret = arg2; } - ret = host_to_target_cpu_mask(mask, mask_size, arg3, arg2); + if (host_to_target_cpu_mask(mask, mask_size, arg3, ret)) { + goto efault; + } } } break; -- 2.15.1