On 03/11/2020 at 15:15, Peter Maydell wrote: > Coverity points out that we don't check the return value from > copy_from_user() in vma_dump_size(). This is to some extent > a "can't happen" error since we've already checked the page > with an access_ok() call earlier, but it's simple enough to > handle the error anyway. > > Fixes: Coverity CID 1432362 > Signed-off-by: Peter Maydell <[email protected]> > --- > linux-user/elfload.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/linux-user/elfload.c b/linux-user/elfload.c > index bf8c1bd2533..e19d0b5cb05 100644 > --- a/linux-user/elfload.c > +++ b/linux-user/elfload.c > @@ -3484,7 +3484,9 @@ static abi_ulong vma_dump_size(const struct > vm_area_struct *vma) > if (vma->vma_flags & PROT_EXEC) { > char page[TARGET_PAGE_SIZE]; > > - copy_from_user(page, vma->vma_start, sizeof (page)); > + if (copy_from_user(page, vma->vma_start, sizeof (page))) { > + return 0; > + } > if ((page[EI_MAG0] == ELFMAG0) && > (page[EI_MAG1] == ELFMAG1) && > (page[EI_MAG2] == ELFMAG2) && >
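Review bot: the new early `return 0;` inside the `PROT_EXEC` branch of vma_dump_size() carries no comment saying what a zero size means for the caller when copy_from_user() fails, so from this hunk alone a reader cannot tell whether the region is being deliberately left out of the dump or the error is simply being swallowed. The commit message explains that this is a "can't happen" case after the earlier access_ok() check; a one-line comment above the `if` saying so, and stating that an unreadable page is dumped as size 0, would keep that reasoning next to the code. The check itself is correct in that it stops the `page[EI_MAG0] == ELFMAG0` comparisons below from reading the stack buffer `page` when the copy did not fill it.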
Applied to my linux-user-for-5.2 branch. Thanks, Laurent
