From 48dc0f2c3d87c74c31a27e1d17dabf26c378b1e8 Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Thu, 16 Jun 2016 21:01:36 +0200 Subject: [PATCH] linux-user: fd_trans_host_to_target_data() must process only received data if we process the whole buffer, the netlink helpers can try to swap invalid data. Signed-off-by: Laurent Vivier Signed-off-by: Riku Voipio Reviewed-by: Peter Maydell --- linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 33409c01ba..4b0d791104 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2991,7 +2991,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, len = ret; if (fd_trans_host_to_target_data(fd)) { ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base, - msg.msg_iov->iov_len); + len); } else { ret = host_to_target_cmsg(msgp, &msg); }