linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure
Also, use g_malloc to avoid NULL-deref upon OOM. Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This commit is contained in:
parent
4144f122b4
commit
0d07fe47d4
@ -2848,7 +2848,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
|
||||
if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
|
||||
return -TARGET_EFAULT;
|
||||
|
||||
host_mb = malloc(msgsz+sizeof(long));
|
||||
host_mb = g_malloc(msgsz+sizeof(long));
|
||||
ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg));
|
||||
|
||||
if (ret > 0) {
|
||||
@ -2863,11 +2863,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
|
||||
}
|
||||
|
||||
target_mb->mtype = tswapal(host_mb->mtype);
|
||||
free(host_mb);
|
||||
|
||||
end:
|
||||
if (target_mb)
|
||||
unlock_user_struct(target_mb, msgp, 1);
|
||||
g_free(host_mb);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user