authorRichard Henderson <richard.henderson@linaro.org>2022-04-27 21:06:58 -0700
committerRichard Henderson <richard.henderson@linaro.org>2022-06-28 04:35:06 +0530
commit3d5e2b4f26e077e9a8fd94659a1ce2dd49c134b7 (patch)
tree333971b2cfe01a404d37c3d17e385775e50f803f
parent5f9ca6f3c5111fadb0b1e76755ceaf738a98db4c (diff)
semihosting: Simplify softmmu_lock_user_string
We are not currently bounding the search to the 1024 bytes that we allocated, possibly overrunning the buffer. Use softmmu_strlen_user to find the length and allocate the correct size from the beginning. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-rw-r--r--semihosting/uaccess.c15
1 files changed, 3 insertions, 12 deletions
diff --git a/semihosting/uaccess.c b/semihosting/uaccess.c
index d6997e3c65..8018828069 100644
--- a/semihosting/uaccess.c
+++ b/semihosting/uaccess.c
@@ -74,20 +74,11 @@ ssize_t softmmu_strlen_user(CPUArchState *env, target_ulong addr)
char *softmmu_lock_user_string(CPUArchState *env, target_ulong addr)
{
- /* TODO: Make this something that isn't fixed size. */
- char *s = malloc(1024);
- size_t len = 0;
-
- if (!s) {
+ ssize_t len = softmmu_strlen_user(env, addr);
+ if (len < 0) {
return NULL;
}
- do {
- if (cpu_memory_rw_debug(env_cpu(env), addr++, s + len, 1, 0)) {
- free(s);
- return NULL;
- }
- } while (s[len++]);
- return s;
+ return softmmu_lock_user(env, addr, len + 1, true);
}
void softmmu_unlock_user(CPUArchState *env, void *p,
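Review bot: The new body of softmmu_lock_user_string reads guest memory twice, once in softmmu_strlen_user to get the length and again in softmmu_lock_user to copy it, so the returned buffer is NUL-terminated only if the guest string did not change between the two reads (for example, another vCPU writing to it). A caller that treats the result as a C string could then read past the `len + 1` bytes that were requested. Terminating the copy explicitly closes that gap: `char *s = softmmu_lock_user(env, addr, len + 1, true);`, `if (s) { s[len] = '\0'; }`, `return s;`. The buffer size is also now chosen by the guest rather than fixed, so it is worth confirming that softmmu_strlen_user, whose body is outside this hunk, caps the length it returns. A short comment above the function could say that the result is a host-side copy, presumably to be released with softmmu_unlock_user.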