From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36684) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b3oje-0007sY-Ge for qemu-devel@nongnu.org; Fri, 20 May 2016 14:01:19 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b3ojU-0005xZ-Pq for qemu-devel@nongnu.org; Fri, 20 May 2016 14:01:18 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:57172) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b3ojU-0005wS-JO for qemu-devel@nongnu.org; Fri, 20 May 2016 14:01:08 -0400 From: Peter Maydell Date: Fri, 20 May 2016 19:00:57 +0100 Message-Id: <1463767257-20466-3-git-send-email-peter.maydell@linaro.org> In-Reply-To: <1463767257-20466-1-git-send-email-peter.maydell@linaro.org> References: <1463767257-20466-1-git-send-email-peter.maydell@linaro.org> Subject: [Qemu-devel] [PATCH 2/2] linux-user: Use g_try_malloc() in do_msgrcv() List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: patches@linaro.org, Riku Voipio In do_msgrcv() we want to allocate a message buffer, whose size is passed to us by the guest. That means we could legitimately fail, so use g_try_malloc() and handle the error case, in the same way that do_msgsnd() does. Signed-off-by: Peter Maydell --- linux-user/syscall.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 0becbe4..ae81473 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3110,7 +3110,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0)) return -TARGET_EFAULT; - host_mb = g_malloc(msgsz+sizeof(long)); + host_mb = g_try_malloc(msgsz + sizeof(long)); + if (!host_mb) { + ret = -TARGET_ENOMEM; + goto end; + } ret = get_errno(msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg)); if (ret > 0) { -- 1.9.1