Date: Mon, 19 Nov 2007 15:39:01 +0200
From: "Kirill A. Shutemov"
Message-ID: <20071119133901.GA27579@localhost.localdomain>
Subject: [Qemu-devel] [PATCH] Fix for execve syscall
To: qemu-devel@nongnu.org

There is an error in the execve syscall implementation. guest_argp and guest_envp should not be altered during argument list checking.

This bug was introduced by commit "suppressed tgetx and tputx (initial patch by Thayne Harbaugh)".

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index f08baf9..0918124 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3266,18 +3266,18 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
             argc = 0;
             guest_argp = arg2;
             for (gp = guest_argp; ; gp++) {
-                if (get_user_ual(guest_argp, gp))
+                if (get_user_ual(addr, gp))
                     goto efault;
-                if (!guest_argp)
+                if (!addr)
                     break;
                 argc++;
             }
             envc = 0;
             guest_envp = arg3;
             for (gp = guest_envp; ; gp++) {
-                if (get_user_ual(guest_envp, gp))
+                if (get_user_ual(addr, gp))
                     goto efault;
-                if (!guest_envp)
+                if (!addr)
                     break;
                 envc++;
             }

-- 
Regards, Kirill A. Shutemov
 + Belarus, Minsk
 + Velesys LLC, http://www.velesys.com/
 + ALT Linux Team, http://www.altlinux.com/
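Review bot: the hunk reads each list entry into `addr` but adds no declaration for it, so confirm that `addr` is already declared in the enclosing block of `do_syscall` with the type `get_user_ual` stores into; otherwise the patch will not compile. The change itself is correct: before it, each iteration of the counting loop overwrote `guest_argp` (and `guest_envp`) with the pointer just read, and since the loop only exits when that value is zero, both variables were left holding the list terminator 0 instead of `arg2` / `arg3` after counting, so any later pass over the argument and environment lists started from the wrong guest address. Reading into a separate temporary keeps the list heads intact. It would also help reviewers to cite the offending commit by id rather than only by title in the message.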