Diffstat (limited to 'linux-user')
-rw-r--r--linux-user/syscall.c13
-rw-r--r--linux-user/syscall_defs.h2
2 files changed, 13 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b4a7b605f3..5b3fce3dc0 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3901,7 +3901,7 @@ static inline abi_long do_semtimedop(int semid,
unsigned nsops,
abi_long timeout)
{
- struct sembuf sops[nsops];
+ struct sembuf *sops;
struct timespec ts, *pts = NULL;
abi_long ret;
@@ -3912,8 +3912,16 @@ static inline abi_long do_semtimedop(int semid,
}
}
- if (target_to_host_sembuf(sops, ptr, nsops))
+ if (nsops > TARGET_SEMOPM) {
+ return -TARGET_E2BIG;
+ }
+
+ sops = g_new(struct sembuf, nsops);
+
+ if (target_to_host_sembuf(sops, ptr, nsops)) {
+ g_free(sops);
return -TARGET_EFAULT;
+ }
ret = -TARGET_ENOSYS;
#ifdef __NR_semtimedop
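Review bot: With nsops == 0 the new code calls g_new() with a zero count, which yields NULL, and then hands that NULL as the destination to target_to_host_sembuf(); whether that is harmless depends on that helper and on lock_user() tolerating a zero-length range, neither of which is visible here, and the outcome then rests on the host rejecting nsops < 1 with EINVAL. An explicit guard ahead of the allocation, `if (nsops == 0) { return -TARGET_EINVAL; }`, keeps the path independent of those details and mirrors the kernel's own argument check. The TARGET_SEMOPM bound in the first new line matches the kernel's default SEMOPM, but the host's effective limit is the per-namespace value settable via the kernel.sem sysctl, so a guest could receive E2BIG where the host would have accepted the call; the bare `#define TARGET_SEMOPM 500` in the syscall_defs.h hunk deserves a comment saying so, e.g. `/* Linux default SEMOPM; the host limit (kernel.sem sysctl) may differ */`. do_semtimedop() starts and ends outside this hunk.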
@@ -3925,6 +3933,7 @@ static inline abi_long do_semtimedop(int semid,
SEMTIMEDOP_IPC_ARGS(nsops, sops, (long)pts)));
}
#endif
+ g_free(sops);
return ret;
}
#endif
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 427a25f5bc..9aa3bd724f 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -46,6 +46,8 @@
#define IPCOP_shmget 23
#define IPCOP_shmctl 24
+#define TARGET_SEMOPM 500
+
/*
* The following is for compatibility across the various Linux
* platforms. The i386 ioctl numbering scheme doesn't really enforce