linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure
Also, use g_malloc to avoid NULL-deref upon OOM. Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This commit is contained in:
parent
4144f122b4
commit
0d07fe47d4
|
@ -2848,7 +2848,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
|
||||||
if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
|
if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
|
||||||
return -TARGET_EFAULT;
|
return -TARGET_EFAULT;
|
||||||
|
|
||||||
host_mb = malloc(msgsz+sizeof(long));
|
host_mb = g_malloc(msgsz+sizeof(long));
|
||||||
ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg));
|
ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg));
|
||||||
|
|
||||||
if (ret > 0) {
|
if (ret > 0) {
|
||||||
|
@ -2863,11 +2863,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
|
||||||
}
|
}
|
||||||
|
|
||||||
target_mb->mtype = tswapal(host_mb->mtype);
|
target_mb->mtype = tswapal(host_mb->mtype);
|
||||||
free(host_mb);
|
|
||||||
|
|
||||||
end:
|
end:
|
||||||
if (target_mb)
|
if (target_mb)
|
||||||
unlock_user_struct(target_mb, msgp, 1);
|
unlock_user_struct(target_mb, msgp, 1);
|
||||||
|
g_free(host_mb);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue