motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-07-28 04:43:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

linux-user: in poll(), if nfds is 0, pfd can be NULL

Browse source 
This problem appears with yum in Fedora 20 / PPC64 container.

test case:

    #include <stdio.h>
    #include <poll.h>

    int main(void)
    {
        int ret;

        ret = poll(NULL, 0, 1000);
        printf("%d\n", ret);
    }

target test environment: Fedora 20 / PPC64
host test environment: Ubuntu 14.0.2 / x86_64

original test result: -1

    13451 poll(0,0,1000,274886297496,268566664,268566648) = -1 errno=14 (Bad address)

patched test result: 0

    13536 poll(0,0,1000,274886297496,268566664,268566648) = 0

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
This commit is contained in:
Laurent Vivier 2015-10-06 01:20:48 +02:00 committed by Riku Voipio
parent 928bed6a05
commit 3e24bb3f12
1 changed files with 13 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

10
linux-user/syscall.c
View file

@ -8046,15 +8046,21 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
struct pollfd *pfd; struct pollfd *pfd;
unsigned int i; unsigned int i;
target_pfd = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_pollfd) * nfds, 1); pfd = NULL;
if (!target_pfd) target_pfd = NULL;
if (nfds) {
target_pfd = lock_user(VERIFY_WRITE, arg1,
sizeof(struct target_pollfd) * nfds, 1);
if (!target_pfd) {
goto efault; goto efault;
}
pfd = alloca(sizeof(struct pollfd) * nfds); pfd = alloca(sizeof(struct pollfd) * nfds);
for (i = 0; i < nfds; i++) { for (i = 0; i < nfds; i++) {
pfd[i].fd = tswap32(target_pfd[i].fd); pfd[i].fd = tswap32(target_pfd[i].fd);
pfd[i].events = tswap16(target_pfd[i].events); pfd[i].events = tswap16(target_pfd[i].events);
} }
}
# ifdef TARGET_NR_ppoll # ifdef TARGET_NR_ppoll
if (num == TARGET_NR_ppoll) { if (num == TARGET_NR_ppoll) {