diff options
author | bellard <bellard@c046a42c-6fe2-441c-8c8c-71466251a162> | 2007-11-14 10:17:35 +0000 |
---|---|---|
committer | bellard <bellard@c046a42c-6fe2-441c-8c8c-71466251a162> | 2007-11-14 10:17:35 +0000 |
commit | 3dd98412ba5a54be627531a385faa539167ddbdf (patch) | |
tree | e50c50d3f2853efd6b6572a3fe13f5852b126c31 | |
parent | 271a916e8a4188b0ec94bafff18aa93de0047820 (diff) |
added lock_user() in target_strlen()
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3639 c046a42c-6fe2-441c-8c8c-71466251a162
-rw-r--r-- | linux-user/uaccess.c | 43 |
1 files changed, 34 insertions, 9 deletions
diff --git a/linux-user/uaccess.c b/linux-user/uaccess.c index 3f838180cb..ed50437566 100644 --- a/linux-user/uaccess.c +++ b/linux-user/uaccess.c @@ -37,15 +37,40 @@ abi_long copy_to_user(abi_ulong gaddr, void *hptr, size_t len) return ret; } +/* XXX: use host strnlen if available ? */ +static int qemu_strnlen(const char *s, int max_len) +{ + int i; + for(i = 0; i < max_len; i++) { + if (s[i] == '\0') + break; + } + return i; +} -/* Return the length of a string in target memory. */ -/* FIXME - this doesn't check access_ok() - it's rather complicated to - * do it correctly because we need to check the bytes in a page and then - * skip to the next page and check the bytes there until we find the - * terminator. There should be a general function to do this that - * can look for any byte terminator in a buffer - not strlen(). - */ -abi_long target_strlen(abi_ulong gaddr) +/* Return the length of a string in target memory or -TARGET_EFAULT if + access error */ +abi_long target_strlen(abi_ulong guest_addr1) { - return strlen(g2h(gaddr)); + uint8_t *ptr; + abi_ulong guest_addr; + int max_len, len; + + guest_addr = guest_addr1; + for(;;) { + max_len = TARGET_PAGE_SIZE - (guest_addr & ~TARGET_PAGE_MASK); + ptr = lock_user(VERIFY_READ, guest_addr, max_len, 1); + if (!ptr) + return -TARGET_EFAULT; + len = qemu_strnlen(ptr, max_len); + unlock_user(ptr, guest_addr, 0); + guest_addr += len; + /* we don't allow wrapping or integer overflow */ + if (guest_addr == 0 || + (guest_addr - guest_addr1) > 0x7fffffff) + return -TARGET_EFAULT; + if (len != max_len) + break; + } + return guest_addr - guest_addr1; } |