linux-user: Dereference Pointer Argument to ipc/semctl Sys Call
When the ipc system call is used to wrap a semctl system call, the ptr argument to ipc needs to be dereferenced prior to passing it to the semctl handler. This is because the fourth argument to semctl is a union and not a pointer to a union. Signed-off-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
This commit is contained in:
parent
035273440b
commit
5d2fa8ebb4
@ -3140,9 +3140,15 @@ static abi_long do_ipc(unsigned int call, int first,
|
|||||||
ret = get_errno(semget(first, second, third));
|
ret = get_errno(semget(first, second, third));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case IPCOP_semctl:
|
case IPCOP_semctl: {
|
||||||
ret = do_semctl(first, second, third, (union target_semun)(abi_ulong) ptr);
|
/* The semun argument to semctl is passed by value, so dereference the
|
||||||
|
* ptr argument. */
|
||||||
|
abi_ulong atptr;
|
||||||
|
get_user_ual(atptr, (abi_ulong)ptr);
|
||||||
|
ret = do_semctl(first, second, third,
|
||||||
|
(union target_semun)(abi_ulong) atptr);
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
case IPCOP_msgget:
|
case IPCOP_msgget:
|
||||||
ret = get_errno(msgget(first, second));
|
ret = get_errno(msgget(first, second));
|
||||||
|
Loading…
Reference in New Issue
Block a user