If the guest passes us a bogus negative length for an iovec, fail EINVAL rather than proceeding blindly forward. This fixes some of the error cases tests for readv and writev in the LTP.
Signed-off-by: Peter Maydell <[email protected]> --- I guess I'll resend this mixed bag of linux-user patches as a single series after the trunk reopens; feel free to review in the meantime :-) linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 35df073..d38eb24 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1779,7 +1779,7 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr, errno = 0; return NULL; } - if (count > IOV_MAX) { + if (count < 0 || count > IOV_MAX) { errno = EINVAL; return NULL; } -- 1.7.9.5
