From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LOw43-0006Tj-9Q for qemu-devel@nongnu.org; Mon, 19 Jan 2009 10:29:23 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LOw41-0006S3-50 for qemu-devel@nongnu.org; Mon, 19 Jan 2009 10:29:22 -0500
Received: from [199.232.76.173] (port=54915 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LOw41-0006Ry-0O for qemu-devel@nongnu.org; Mon, 19 Jan 2009 10:29:21 -0500
Received: from [84.20.150.76] (port=44504 helo=narury.org) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1LOw40-0006Q9-GW for qemu-devel@nongnu.org; Mon, 19 Jan 2009 10:29:20 -0500
Received: from kos.to (localhost.localdomain [127.0.0.1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by narury.org (Postfix) with ESMTP id E4E903274001 for ; Mon, 19 Jan 2009 17:29:12 +0200 (EET)
Date: Mon, 19 Jan 2009 17:29:12 +0200
From: Riku Voipio
Message-ID: <20090119152912.GA20568@kos.to>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [Qemu-devel] [PATCH] fix read() and acct() on NULL arguments
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: qemu-devel@nongnu.org

Returning efault in these cases is not correct. Originally proposed by Thayne Harbaugh in 2007:
http://www.mail-archive.com/qemu-devel@nongnu.org/msg14658.html

Signed-off-by: Riku Voipio
---
 linux-user/syscall.c | 24 ++++++++++++++++--------
 1 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 4eb003a..ab81b3a 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3713,10 +3713,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, ret = 0; /* avoid warning */ break; case TARGET_NR_read: - if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0))) - goto efault; - ret = get_errno(read(arg1, p, arg3)); - unlock_user(p, arg2, ret); + if (arg3 == 0) + ret = 0; + else { + if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0))) + goto efault; + ret = get_errno(read(arg1, p, arg3)); + unlock_user(p, arg2, ret); + } break; case TARGET_NR_write: if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1))) @@ -4217,10 +4221,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, goto unimplemented; #endif case TARGET_NR_acct: - if (!(p = lock_user_string(arg1))) - goto efault; - ret = get_errno(acct(path(p))); - unlock_user(p, arg1, 0); + if (arg1 == 0) { + ret = get_errno(acct(NULL)); + } else { + if (!(p = lock_user_string(arg1))) + goto efault; + ret = get_errno(acct(path(p))); + unlock_user(p, arg1, 0); + } break; #ifdef TARGET_NR_umount2 /* not on alpha */ case TARGET_NR_umount2: -- 1.5.6.5 -- "rm -rf" only sounds scary if you don't have backups
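Review bot: In the TARGET_NR_read hunk, the `if (arg3 == 0) ret = 0;` branch never reaches the host, so a guest `read(fd, NULL, 0)` on an invalid or closed descriptor now returns 0 where the host kernel would have returned -EBADF (Linux validates the fd before it looks at the count). Returning 0 for a zero-length read is the right fix for the spurious EFAULT, but the error cases are cheaper to preserve by still issuing the call with no buffer, e.g. `ret = get_errno(read(arg1, NULL, 0));`, so that bad-fd detection stays identical to native behaviour. Minor style point: the read arm is braceless while the else arm is braced; the acct hunk below braces both arms, and matching that here keeps the two cases readable side by side.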
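Review bot: In the TARGET_NR_acct hunk the guest NULL is correctly forwarded as `acct(NULL)`, which is the documented way to disable process accounting, so the old `lock_user_string` path that turned it into EFAULT was wrong; the one thing missing is documentation. The commit message only says "Returning efault in these cases is not correct" and does not say why NULL must reach the host for acct(), nor that the read() case is the zero-length read; a sentence in the changelog (or a one-line comment above `if (arg1 == 0) {`) naming the two semantics would save the next reader from re-deriving them from the referenced 2007 thread.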