From: Peter Maydell
Date: Tue, 12 Jul 2016 13:02:18 +0100
Message-Id: <1468324939-12221-8-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1468324939-12221-1-git-send-email-peter.maydell@linaro.org>
References: <1468324939-12221-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH 7/8] linux-user: Use glib malloc functions in load_symbols()
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, Riku Voipio, Paolo Bonzini

Switch to using the glib malloc functions in load_symbols(); this deals
with a Coverity complaint about possible integer overflow calculating
the allocation size with 'nsyms * sizeof(*syms)'.

Signed-off-by: Peter Maydell
---
I opted to use the _try_ versions rather than switching to the
abort-on-failure allocation functions because
 (a) the handle-failure code is already in place and correct
 (b) loading symbols from the ELF file is debug-only and can safely be skipped
---
 linux-user/elfload.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c index 7c46cfb..b062199 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c
@@ -2111,19 +2111,19 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) found: /* Now know where the strtab and symtab are. Snarf them. */ - s = malloc(sizeof(*s)); + s = g_try_new(struct syminfo, 1); if (!s) { goto give_up; } i = shdr[str_idx].sh_size; - s->disas_strtab = strings = malloc(i); + s->disas_strtab = strings = g_try_malloc(i); if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { goto give_up; } i = shdr[sym_idx].sh_size; - syms = malloc(i); + syms = g_try_malloc(i); if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { goto give_up; } @@ -2157,7 +2157,7 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) that we threw away. Whether or not this has any effect on the memory allocation depends on the malloc implementation and how many symbols we managed to discard. */ - new_syms = realloc(syms, nsyms * sizeof(*syms)); + new_syms = g_try_renew(struct elf_sym, syms, nsyms); if (new_syms == NULL) { goto give_up; } @@ -2178,9 +2178,9 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) return; give_up: - free(s); - free(strings); - free(syms); + g_free(s); + g_free(strings); + g_free(syms); } int load_elf_binary(struct linux_binprm *bprm, struct image_info *info) -- 1.9.1
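Review bot: In the first hunk (@@ -2111), g_try_malloc(i) returns NULL when i is 0, so a zero-length strtab or symtab section now always takes the `!strings` / `!syms` branch to give_up, whereas malloc(0) was allowed to return a non-NULL pointer. Skipping symbol loading in that case is probably what is wanted for a debug-only path, but it is a behaviour change and deserves a line in the commit message. Separately, sh_size comes from the ELF file and is stored in `i` before being passed to the allocator and compared against the pread() result; the declaration of `i` is outside the hunk, so it is worth confirming that this assignment cannot truncate a large section size.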
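Review bot: In the second hunk (@@ -2157), g_try_renew(struct elf_sym, syms, nsyms) needs a guard for nsyms == 0. The overflow check on the element count is the right fix for the Coverity report, but with a zero count glib frees syms and returns NULL. The `new_syms == NULL` test then jumps to give_up, where `g_free(syms)` runs on a pointer that has already been released. The visible context does not show that nsyms is non-zero after the discarded symbols are dropped, so suggest an explicit `if (nsyms == 0) { goto give_up; }` ahead of the call.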