From 69d4c703a549f0630793a67b16a8fc6bc14c8654 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 17 Feb 2014 18:55:34 +0000 Subject: linux-user: Fix error handling in target_to_host_semarray() Fix two issues in error handling in target_to_host_semarray(): * don't leak the host_array buffer if lock_user fails * return an error if malloc() fails v2: added missing * -Riku Voipio Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 8f5a58ee0b..1407b7a546 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2430,10 +2430,15 @@ static inline abi_long target_to_host_semarray(int semid, unsigned short **host_ nsems = semid_ds.sem_nsems; *host_array = malloc(nsems*sizeof(unsigned short)); + if (!*host_array) { + return -TARGET_ENOMEM; + } array = lock_user(VERIFY_READ, target_addr, nsems*sizeof(unsigned short), 1); - if (!array) + if (!array) { + free(*host_array); return -TARGET_EFAULT; + } for(i=0; i