Fix two issues in error handling in target_to_host_semarray(): * don't leak the host_array buffer if lock_user fails * return an error if malloc() fails
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
---
 linux-user/syscall.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index bb3e4b1..c92f026 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2429,10 +2429,15 @@ static inline abi_long target_to_host_semarray(int semid, unsigned short **host_
 nsems = semid_ds.sem_nsems;
 *host_array = malloc(nsems*sizeof(unsigned short));
+ if (!*host_array) {
+ return -TARGET_ENOMEM;
+ }
 array = lock_user(VERIFY_READ, target_addr, nsems*sizeof(unsigned short), 1);
- if (!array)
+ if (!array) {
+ free(host_array);
 return -TARGET_EFAULT;
+ }
 for(i=0; i<nsems; i++) {
 __get_user((*host_array)[i], &array[i]);
-- 1.8.5
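Review bot: The added `free(host_array);` in the lock_user failure branch frees the wrong pointer. The buffer is stored in `*host_array` (see `*host_array = malloc(...)` and `(*host_array)[i]`), so this call hands free() the caller's pointer-to-pointer, which malloc() never returned; that is an invalid free, and the buffer the commit set out to release still leaks. The line should read `free(*host_array);`, ideally followed by `*host_array = NULL;` so a caller that inspects the out-parameter after the -TARGET_EFAULT return cannot reuse or double-free a stale pointer. Whether any caller does that is not visible here, since the body of target_to_host_semarray() starts and ends outside the hunk.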