linux-user: make bogus negative iovec lengths fail EINVAL

If the guest passes us a bogus negative length for an iovec, fail EINVAL rather than proceeding blindly forward. This fixes some of the error cases tests for readv and writev in the LTP. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2013-02-08 07:58:41 +00:00 · 2013-02-08 07:58:41 +00:00 · dfae8e00f8
commit dfae8e00f8
parent 63ec54d7b3
1 changed files with 1 additions and 1 deletions
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@ -1776,7 +1776,7 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr,
        errno = 0;
        return NULL;
    }
-    if (count > IOV_MAX) {
+    if (count < 0 || count > IOV_MAX) {
        errno = EINVAL;
        return NULL;
    }