arm-semi: don't leak 1KB user string lock buffer upon TARGET_SYS_OPEN

Always call unlock_user before returning. Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 13:55:55 +02:00 · 2012-08-22 13:55:55 +02:00 · 396bef4b38
commit 396bef4b38
parent a7e47d4bfc
1 changed files with 7 additions and 6 deletions
--- a/target-arm/arm-semi.c
+++ b/target-arm/arm-semi.c
@ -194,18 +194,19 @@ uint32_t do_arm_semihosting(CPUARMState *env)
        if (!(s = lock_user_string(ARG(0))))
            /* FIXME - should this error code be -TARGET_EFAULT ? */
            return (uint32_t)-1;
-        if (ARG(1) >= 12)
+        if (ARG(1) >= 12) {
+            unlock_user(s, ARG(0), 0);
            return (uint32_t)-1;
+        }
        if (strcmp(s, ":tt") == 0) {
-            if (ARG(1) < 4)
-                return STDIN_FILENO;
-            else
-                return STDOUT_FILENO;
+            int result_fileno = ARG(1) < 4 ? STDIN_FILENO : STDOUT_FILENO;
+            unlock_user(s, ARG(0), 0);
+            return result_fileno;
        }
        if (use_gdb_syscalls()) {
            gdb_do_syscall(arm_semi_cb, "open,%s,%x,1a4", ARG(0),
 			   (int)ARG(2)+1, gdb_open_modeflags[ARG(1)]);
-            return env->regs[0];
+            ret = env->regs[0];
        } else {
            ret = set_swi_errno(ts, open(s, open_modeflags[ARG(1)], 0644));
        }