From df60f451b3eb94305e63f0bb12c9c361a721bc81 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Wed, 22 Aug 2012 13:55:53 +0200 Subject: linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure Also, use g_malloc to avoid NULL-deref upon OOM. Signed-off-by: Jim Meyering Signed-off-by: Anthony Liguori (cherry picked from commit 0d07fe47d4986271a21ed4ff5237275ff55dd93f) Signed-off-by: Michael Roth --- linux-user/syscall.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 20d2a74877..9bf0b28b88 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2794,7 +2794,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0)) return -TARGET_EFAULT; - host_mb = malloc(msgsz+sizeof(long)); + host_mb = g_malloc(msgsz+sizeof(long)); ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg)); if (ret > 0) { @@ -2809,11 +2809,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, } target_mb->mtype = tswapal(host_mb->mtype); - free(host_mb); end: if (target_mb) unlock_user_struct(target_mb, msgp, 1); + g_free(host_mb); return ret; } -- cgit v1.2.3