diff mbox series

[v2,06/74] semihosting: Simplify softmmu_lock_user_string

Message ID 20220503194843.1379101-7-richard.henderson@linaro.org
State Superseded
Headers show
Series semihosting cleanup | expand

Commit Message

Richard Henderson May 3, 2022, 7:47 p.m. UTC
We are not currently bounding the search to the 1024 bytes
that we allocated, possibly overrunning the buffer.
Use softmmu_strlen_user to find the length and allocate the
correct size from the beginning.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 semihosting/uaccess.c | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

Comments

Peter Maydell May 16, 2022, 3:12 p.m. UTC | #1
On Tue, 3 May 2022 at 21:05, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> We are not currently bounding the search to the 1024 bytes
> that we allocated, possibly overrunning the buffer.
> Use softmmu_strlen_user to find the length and allocate the
> correct size from the beginning.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM
diff mbox series

Patch

diff --git a/semihosting/uaccess.c b/semihosting/uaccess.c
index 3cd809122c..f5fc94c401 100644
--- a/semihosting/uaccess.c
+++ b/semihosting/uaccess.c
@@ -54,20 +54,11 @@  ssize_t softmmu_strlen_user(CPUArchState *env, target_ulong addr)
 
 char *softmmu_lock_user_string(CPUArchState *env, target_ulong addr)
 {
-    /* TODO: Make this something that isn't fixed size.  */
-    char *s = malloc(1024);
-    size_t len = 0;
-
-    if (!s) {
+    ssize_t len = softmmu_strlen_user(env, addr);
+    if (len < 0) {
         return NULL;
     }
-    do {
-        if (cpu_memory_rw_debug(env_cpu(env), addr++, s + len, 1, 0)) {
-            free(s);
-            return NULL;
-        }
-    } while (s[len++]);
-    return s;
+    return softmmu_lock_user(env, addr, len + 1, true);
 }
 
 void softmmu_unlock_user(CPUArchState *env, void *p,