Thank you Eric for guiding me in the right direction. I look forward to implementing this correctly.
On Thu, Oct 1, 2015 at 9:27 PM, Eric Blake <[email protected]> wrote:

> On 09/30/2015 11:32 PM, Harmandeep Kaur wrote:
> > Convert malloc()/calloc() calls to g_malloc()/g_try_malloc()/g_new0()
> > in linux-user/syscall.c file
>
> This part is fine,
>
> >
> > v1->v2 convert the free() call in host_to_target_semarray()
> > to g_free() and calls g_try_malloc(count) instead of
> > g_try_malloc(sizeof(count))
>
> but this part belongs...
>
> >
> > Signed-off-by: Harmandeep Kaur <[email protected]>
> > ---
>
> ...here, after the --- separator. It is useful information to mail
> reviewers, but worthless in the qemu.git history (a year from now, we
> won't care how many versions it went through on the list, only the
> version that got checked in).
>
>
> > +++ b/linux-user/syscall.c
> > @@ -1554,12 +1554,7 @@ set_timeout:
> > }
> >
> > fprog.len = tswap16(tfprog->len);
> > - filter = malloc(fprog.len * sizeof(*filter));
> > - if (filter == NULL) {
> > - unlock_user_struct(tfilter, tfprog->filter, 1);
> > - unlock_user_struct(tfprog, optval_addr, 1);
> > - return -TARGET_ENOMEM;
> > - }
> > + filter = g_malloc(fprog.len * sizeof(*filter));
>
> This should use g_new(TYPE, fprog.len) to avoid overflow issues.
>
> --
> Eric Blake eblake redhat com +1-919-301-3266
> Libvirt virtualization library http://libvirt.org
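
Review bot: g_malloc() aborts the process on allocation failure, so the replacement line `filter = g_malloc(fprog.len * sizeof(*filter));` drops the -TARGET_ENOMEM return that the removed `if (filter == NULL)` branch gave the guest, for a length that is read from the guest's tfprog structure. If that error path should survive, use g_try_new() with the element type and fprog.len, and keep the two unlock_user_struct() calls and the return on NULL. If aborting is acceptable here, g_new() as suggested in the review covers the multiplication, and the commit message should state that the ENOMEM path is removed on purpose.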
