From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Cc: Alexander Graf <agraf@suse.de>
Subject: [Qemu-devel] [PATCH 09/19] linux-user: fix QEMU_STRACE=1 segfault
Date: Fri,  3 Feb 2012 16:49:22 +0200
Message-ID: <962b289ef35087fcd8764e4e29808d8ac90157f7.1328280144.git.riku.voipio@linaro.org>
In-Reply-To: <cover.1328280144.git.riku.voipio@linaro.org>

From: Alexander Graf <agraf@suse.de>

While debugging some issues with QEMU_STRACE I stumbled over segmentation
faults that were pretty reproducible. Turns out we tried to treat a
normal return value as errno, resulting in an access over array boundaries
for the resolution.

Fix this by allowing failure to resolve invalid errnos into strings.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
---
 linux-user/strace.c  |   18 ++++++++++++++----
 linux-user/syscall.c |    3 +++
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 90027a1..269481e 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -284,8 +284,13 @@ print_ipc(const struct syscallname *name,
 static void
 print_syscall_ret_addr(const struct syscallname *name, abi_long ret)
 {
-if( ret == -1 ) {
-        gemu_log(" = -1 errno=%d (%s)\n", errno, target_strerror(errno));
+    char *errstr = NULL;
+
+    if (ret == -1) {
+        errstr = target_strerror(errno);
+    }
+    if ((ret == -1) && errstr) {
+        gemu_log(" = -1 errno=%d (%s)\n", errno, errstr);
     } else {
         gemu_log(" = 0x" TARGET_ABI_FMT_lx "\n", ret);
     }
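Review bot: when ret == -1 but target_strerror() returns NULL, the new else branch logs the value as ` = 0x...` as though the call had succeeded, so the error is hidden instead of being reported with an unknown errno. A three-way split would keep the information: the existing errstr branch, then `else if (ret == -1) gemu_log(" = -1 errno=%d (unknown)\n", errno);`, and the success print only for everything else. The `(ret == -1) && errstr` test is also redundant, since errstr is only ever assigned when ret == -1.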
@@ -1515,14 +1520,19 @@ void
 print_syscall_ret(int num, abi_long ret)
 {
     int i;
+    char *errstr = NULL;
 
     for(i=0;i<nsyscalls;i++)
         if( scnames[i].nr == num ) {
             if( scnames[i].result != NULL ) {
                 scnames[i].result(&scnames[i],ret);
             } else {
-                if( ret < 0 ) {
-                    gemu_log(" = -1 errno=" TARGET_ABI_FMT_ld " (%s)\n", -ret, target_strerror(-ret));
+                if (ret < 0) {
+                    errstr = target_strerror(-ret);
+                }
+                if (errstr) {
+                    gemu_log(" = -1 errno=" TARGET_ABI_FMT_ld " (%s)\n",
+                             -ret, errstr);
                 } else {
                     gemu_log(" = " TARGET_ABI_FMT_ld "\n", ret);
                 }
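Review bot: same fall-through as in the previous hunk: a negative ret whose errno target_strerror() rejects now prints as a bare ` = -NNN` with no errno label, losing the distinction the old line made between an error and a plain negative value. Also, errstr is declared outside the for loop and never reset, so if scnames[] ever held two entries with the same nr, the string from an earlier iteration would be reused; initialising errstr inside the loop body (or breaking after the first match) avoids that. The `ret < 0` heuristic still treats every negative return as an error; the subject of patch 10/19 in this series indicates that the mmap case is handled there.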
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 15b8b22..29d92c4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -731,6 +731,9 @@ static inline int is_error(abi_long ret)
 
 char *target_strerror(int err)
 {
+    if ((err >= ERRNO_TABLE_SIZE) || (err < 0)) {
+        return NULL;
+    }
     return strerror(target_to_host_errno(err));
 }
 
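Review bot: this changes target_strerror()'s contract to allow a NULL return, but only the two call sites in strace.c are updated in this patch (per the diffstat); any other caller that passes the result straight to a "%s" format would now crash on an out-of-range errno where it previously read past the table. Worth grepping for remaining callers and adding a comment above the function stating that NULL means "no such target errno". The bounds check itself is correct for a table indexed 0..ERRNO_TABLE_SIZE-1 and is the change that actually closes the out-of-bounds read described in the commit message.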
-- 
1.7.5.4
