From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1O0AOW-0008E1-JV
	for qemu-devel@nongnu.org; Fri, 09 Apr 2010 05:20:56 -0400
Received: from [140.186.70.92] (port=44999 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1O0AOU-0008CP-4z
	for qemu-devel@nongnu.org; Fri, 09 Apr 2010 05:20:55 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <christophe.lyon@st.com>) id 1O0AOP-0008EM-IM
	for qemu-devel@nongnu.org; Fri, 09 Apr 2010 05:20:51 -0400
Received: from eu1sys200aog111.obsmtp.com ([207.126.144.131]:42331)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <christophe.lyon@st.com>) id 1O0AOO-0008C9-Kx
	for qemu-devel@nongnu.org; Fri, 09 Apr 2010 05:20:49 -0400
Received: from zeta.dmz-eu.st.com (ns2.st.com [164.129.230.9])
	by beta.dmz-eu.st.com (STMicroelectronics) with ESMTP id B2808BB
	for <qemu-devel@nongnu.org>; Fri,  9 Apr 2010 09:20:44 +0000 (GMT)
Received: from mail2.gnb.st.com (mail2.gnb.st.com [164.129.119.59])
	by zeta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 7CC7B18AB
	for <qemu-devel@nongnu.org>; Fri,  9 Apr 2010 09:20:44 +0000 (GMT)
Message-ID: <4BBEF16B.5080906@st.com>
Date: Fri, 09 Apr 2010 11:20:43 +0200
From: Christophe LYON <christophe.lyon@st.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] [ARM] SYS_GET_CMDLINE handling
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Hello,

I am facing a problem when using qemu-arm, when the target code uses the 
SYS_GET_CMDLINE semi-hosting call.

Indeed, in arm-semi.c (line ~376), args are read from 
ts->info->host_argv, which in turn has been initialised much earlier in 
linuxload.c:load_exec with the value of target_argv.

The problem is that target_argv is freed in main() target code execution.

A quick and dirty fix is not to free target_argv, a better one would be 
to re-construct it again from the allocated target memory.

I am surprised to face such an obvious bug, am I missing something?
(The corresponding commit took place in Nov 2006, how could it go 
unnoticed for so long?)

Thanks.

Christophe.