From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49840)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <edgar.iglesias@gmail.com>) id 1W9nMz-0006pa-0f
	for qemu-devel@nongnu.org; Sat, 01 Feb 2014 22:05:21 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <edgar.iglesias@gmail.com>) id 1W9nMu-0003MI-UQ
	for qemu-devel@nongnu.org; Sat, 01 Feb 2014 22:05:16 -0500
Received: from mail-pa0-x22d.google.com ([2607:f8b0:400e:c03::22d]:53016)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <edgar.iglesias@gmail.com>) id 1W9nMu-0003MD-NA
	for qemu-devel@nongnu.org; Sat, 01 Feb 2014 22:05:12 -0500
Received: by mail-pa0-f45.google.com with SMTP id lf10so5871732pab.4
	for <qemu-devel@nongnu.org>; Sat, 01 Feb 2014 19:05:11 -0800 (PST)
Received: from localhost
	(ec2-54-206-39-244.ap-southeast-2.compute.amazonaws.com.
	[54.206.39.244]) by mx.google.com with ESMTPSA id
	ns7sm42194434pbc.32.2014.02.01.19.05.10 for <qemu-devel@nongnu.org>
	(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
	Sat, 01 Feb 2014 19:05:11 -0800 (PST)
From: edgar.iglesias@gmail.com
Date: Sun,  2 Feb 2014 03:04:52 +0000
Message-Id: <1391310292-18008-7-git-send-email-edgar.iglesias@gmail.com>
In-Reply-To: <1391310292-18008-1-git-send-email-edgar.iglesias@gmail.com>
References: <1391310292-18008-1-git-send-email-edgar.iglesias@gmail.com>
Subject: [Qemu-devel] [PATCH 6/6] linux-user: Fix trampoline code for CRIS
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

From: Stefan Weil <sw@weilnetz.de>

__put_user can write bytes, words (2 bytes) or longwords (4 bytes).
Here obviously words should have been written, but bytes were written,
so values like 0x9c5f were truncated to 0x5f.

Fix this by changing retcode from uint8_t to to uint16_t in
target_signal_frame and also in the unused rt_signal_frame.

This problem was reported by static code analysis (smatch).

Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
 linux-user/signal.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 01d7c39..82e8592 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -3659,7 +3659,7 @@ struct target_sigcontext {
 struct target_signal_frame {
         struct target_sigcontext sc;
         uint32_t extramask[TARGET_NSIG_WORDS - 1];
-        uint8_t retcode[8];       /* Trampoline code. */
+        uint16_t retcode[4];      /* Trampoline code. */
 };
 
 struct rt_signal_frame {
@@ -3667,7 +3667,7 @@ struct rt_signal_frame {
         void *puc;
         siginfo_t info;
         struct ucontext uc;
-        uint8_t retcode[8];       /* Trampoline code. */
+        uint16_t retcode[4];      /* Trampoline code. */
 };
 
 static void setup_sigcontext(struct target_sigcontext *sc, CPUCRISState *env)
@@ -3745,8 +3745,8 @@ static void setup_frame(int sig, struct target_sigaction *ka,
 	 */
 	err |= __put_user(0x9c5f, frame->retcode+0);
 	err |= __put_user(TARGET_NR_sigreturn, 
-			  frame->retcode+2);
-	err |= __put_user(0xe93d, frame->retcode+4);
+			  frame->retcode + 1);
+	err |= __put_user(0xe93d, frame->retcode + 2);
 
 	/* Save the mask.  */
 	err |= __put_user(set->sig[0], &frame->sc.oldmask);
-- 
1.8.3.2