aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbellard <bellard@c046a42c-6fe2-441c-8c8c-71466251a162>2007-11-14 10:17:35 +0000
committerbellard <bellard@c046a42c-6fe2-441c-8c8c-71466251a162>2007-11-14 10:17:35 +0000
commit3dd98412ba5a54be627531a385faa539167ddbdf (patch)
treee50c50d3f2853efd6b6572a3fe13f5852b126c31
parent271a916e8a4188b0ec94bafff18aa93de0047820 (diff)
added lock_user() in target_strlen()
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3639 c046a42c-6fe2-441c-8c8c-71466251a162
-rw-r--r--linux-user/uaccess.c43
1 files changed, 34 insertions, 9 deletions
diff --git a/linux-user/uaccess.c b/linux-user/uaccess.c
index 3f838180cb..ed50437566 100644
--- a/linux-user/uaccess.c
+++ b/linux-user/uaccess.c
@@ -37,15 +37,40 @@ abi_long copy_to_user(abi_ulong gaddr, void *hptr, size_t len)
return ret;
}
+/* XXX: use host strnlen if available ? */
+static int qemu_strnlen(const char *s, int max_len)
+{
+ int i;
+ for(i = 0; i < max_len; i++) {
+ if (s[i] == '\0')
+ break;
+ }
+ return i;
+}
-/* Return the length of a string in target memory. */
-/* FIXME - this doesn't check access_ok() - it's rather complicated to
- * do it correctly because we need to check the bytes in a page and then
- * skip to the next page and check the bytes there until we find the
- * terminator. There should be a general function to do this that
- * can look for any byte terminator in a buffer - not strlen().
- */
-abi_long target_strlen(abi_ulong gaddr)
+/* Return the length of a string in target memory or -TARGET_EFAULT if
+ access error */
+abi_long target_strlen(abi_ulong guest_addr1)
{
- return strlen(g2h(gaddr));
+ uint8_t *ptr;
+ abi_ulong guest_addr;
+ int max_len, len;
+
+ guest_addr = guest_addr1;
+ for(;;) {
+ max_len = TARGET_PAGE_SIZE - (guest_addr & ~TARGET_PAGE_MASK);
+ ptr = lock_user(VERIFY_READ, guest_addr, max_len, 1);
+ if (!ptr)
+ return -TARGET_EFAULT;
+ len = qemu_strnlen(ptr, max_len);
+ unlock_user(ptr, guest_addr, 0);
+ guest_addr += len;
+ /* we don't allow wrapping or integer overflow */
+ if (guest_addr == 0 ||
+ (guest_addr - guest_addr1) > 0x7fffffff)
+ return -TARGET_EFAULT;
+ if (len != max_len)
+ break;
+ }
+ return guest_addr - guest_addr1;
}