Hello Eric,
+-- On Fri, 3 Mar 2017, Eric Blake wrote --+
| much smaller, or you should consider using the heap instead of the stack
| (alloca should never be used for more than about 4k). And there's still
| the possibility that even with your cap, that you are not handling E2BIG
| correctly.
+-- On Fri, 3 Mar 2017, Jann Horn wrote --+
| On Fri, Mar 3, 2017 at 4:55 PM, Peter Maydell wrote:
| >> +if (argc > ARG_MAX || envc > ARG_MAX) {
| >> +fprintf(stderr,
| >> +"argc(%d), envc(%d) exceed %d\n", argc, envc,
ARG_MAX);
| >> +
On 3 March 2017 at 15:57, Jann Horn wrote:
> On Fri, Mar 3, 2017 at 4:55 PM, Peter Maydell wrote:
>> This code is already supposed to handle "argument string too big",
>> see commit a6f79cc9a5e.
>>
>> What's the actual bug case we're trying to handle here?
>
> commit a6f79cc9a5e doesn't help h
On Fri, Mar 3, 2017 at 4:56 PM, Peter Maydell wrote:
> On 3 March 2017 at 14:54, Eric Blake wrote:
>>> +ret = -TARGET_EFAULT;
>>> +break;
>>> +}
>>> argp = alloca((argc + 1) * sizeof(void *));
>>> envp = alloca((envc + 1) * siz
On 3 March 2017 at 14:54, Eric Blake wrote:
>> +ret = -TARGET_EFAULT;
>> +break;
>> +}
>> argp = alloca((argc + 1) * sizeof(void *));
>> envp = alloca((envc + 1) * sizeof(void *));
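Review bot: the two alloca() calls that follow the new check still size their stack allocations from the guest-supplied argc and envc, so any count that passes the check still requests (count + 1) * sizeof(void *) bytes of stack for each array. Consider a much lower cap, or move argp and envp to the heap and free them on every exit path. The rejected case also returns -TARGET_EFAULT; an oversized argument list is normally reported as E2BIG, so -TARGET_E2BIG would describe the failure more accurately.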
>
> ...Uggh. You're using alloca() but allowing
On Fri, Mar 3, 2017 at 4:55 PM, Peter Maydell wrote:
> On 3 March 2017 at 11:25, P J P wrote:
>> From: Prasad J Pandit
>>
>> Limit the number of arguments passed to execve(2) call from
>> a user program, as large number of them could lead to a bad
>> guest address error.
>>
>> Reported-by: Jann
On 3 March 2017 at 11:25, P J P wrote:
> From: Prasad J Pandit
>
> Limit the number of arguments passed to execve(2) call from
> a user program, as large number of them could lead to a bad
> guest address error.
>
> Reported-by: Jann Horn
> Signed-off-by: Prasad J Pandit
> ---
> linux-user/sys
On 03/03/2017 05:25 AM, P J P wrote:
> From: Prasad J Pandit
>
> Limit the number of arguments passed to execve(2) call from
> a user program, as large number of them could lead to a bad
> guest address error.
Depending on how the kernel was compiled, you may have a limited maximum
size for the
From: Prasad J Pandit
Limit the number of arguments passed to execve(2) call from
a user program, as large number of them could lead to a bad
guest address error.
Reported-by: Jann Horn
Signed-off-by: Prasad J Pandit
---
linux-user/syscall.c | 7 +++
1 file changed, 7 insertions(+)
diff