qemu/0039-linux-user-Cast-validity-checks-on-.patch

From d9fc1799803a3783e0f764b0c9b7a336c8d3b893 Mon Sep 17 00:00:00 2001
From: Alexander Graf <agraf@suse.de>
Date: Fri, 22 Aug 2014 11:28:52 +0200
Subject: [PATCH] linux-user: Cast validity checks on g_posix_timers range

We check whether the passed in counter value is negative on all calls
that involve g_posix_timers. However, we also check check for negativity
of that value after casting it - at which point it couldn't possibly be
negative anymore.

Cast the check to int16_t. Maybe this is correct. Maybe the check should
get removed completely.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 linux-user/syscall.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 0b4668d..660095b 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9602,7 +9602,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
          * struct itimerspec * old_value */
         arg1 &= 0xffff;
-        if (arg3 == 0 || arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        if (arg3 == 0 || (int16_t)arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
             timer_t htimer = g_posix_timers[arg1];
@@ -9624,7 +9624,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
         arg1 &= 0xffff;
         if (!arg2) {
             return -TARGET_EFAULT;
-        } else if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        } else if ((int16_t)arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
             timer_t htimer = g_posix_timers[arg1];
@@ -9644,7 +9644,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
     {
         /* args: timer_t timerid */
         arg1 &= 0xffff;
-        if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        if ((int16_t)arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
             timer_t htimer = g_posix_timers[arg1];
@@ -9659,7 +9659,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
     {
         /* args: timer_t timerid */
         arg1 &= 0xffff;
-        if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        if ((int16_t)arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
             timer_t htimer = g_posix_timers[arg1];
fix parted in qemu-linux-user OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=227 2014-08-22 12:38:44 +02:00			`From d9fc1799803a3783e0f764b0c9b7a336c8d3b893 Mon Sep 17 00:00:00 2001`
			`From: Alexander Graf <agraf@suse.de>`
			`Date: Fri, 22 Aug 2014 11:28:52 +0200`
			`Subject: [PATCH] linux-user: Cast validity checks on g_posix_timers range`

			`We check whether the passed in counter value is negative on all calls`
			`that involve g_posix_timers. However, we also check check for negativity`
			`of that value after casting it - at which point it couldn't possibly be`
			`negative anymore.`

			`Cast the check to int16_t. Maybe this is correct. Maybe the check should`
			`get removed completely.`

			`Signed-off-by: Alexander Graf <agraf@suse.de>`
			`---`
			`linux-user/syscall.c \| 8 ++++----`
			`1 file changed, 4 insertions(+), 4 deletions(-)`

			`diff --git a/linux-user/syscall.c b/linux-user/syscall.c`
			`index 0b4668d..660095b 100644`
			`--- a/linux-user/syscall.c`
			`+++ b/linux-user/syscall.c`
			`@@ -9602,7 +9602,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,`
			`/* args: timer_t timerid, int flags, const struct itimerspec *new_value,`
			`* struct itimerspec * old_value */`
			`arg1 &= 0xffff;`
			`- if (arg3 == 0 \|\| arg1 < 0 \|\| arg1 >= ARRAY_SIZE(g_posix_timers)) {`
			`+ if (arg3 == 0 \|\| (int16_t)arg1 < 0 \|\| arg1 >= ARRAY_SIZE(g_posix_timers)) {`
			`ret = -TARGET_EINVAL;`
			`} else {`
			`timer_t htimer = g_posix_timers[arg1];`
			`@@ -9624,7 +9624,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,`
			`arg1 &= 0xffff;`
			`if (!arg2) {`
			`return -TARGET_EFAULT;`
			`- } else if (arg1 < 0 \|\| arg1 >= ARRAY_SIZE(g_posix_timers)) {`
			`+ } else if ((int16_t)arg1 < 0 \|\| arg1 >= ARRAY_SIZE(g_posix_timers)) {`
			`ret = -TARGET_EINVAL;`
			`} else {`
			`timer_t htimer = g_posix_timers[arg1];`
			`@@ -9644,7 +9644,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,`
			`{`
			`/* args: timer_t timerid */`
			`arg1 &= 0xffff;`
			`- if (arg1 < 0 \|\| arg1 >= ARRAY_SIZE(g_posix_timers)) {`
			`+ if ((int16_t)arg1 < 0 \|\| arg1 >= ARRAY_SIZE(g_posix_timers)) {`
			`ret = -TARGET_EINVAL;`
			`} else {`
			`timer_t htimer = g_posix_timers[arg1];`
			`@@ -9659,7 +9659,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,`
			`{`
			`/* args: timer_t timerid */`
			`arg1 &= 0xffff;`
			`- if (arg1 < 0 \|\| arg1 >= ARRAY_SIZE(g_posix_timers)) {`
			`+ if ((int16_t)arg1 < 0 \|\| arg1 >= ARRAY_SIZE(g_posix_timers)) {`
			`ret = -TARGET_EINVAL;`
			`} else {`
			`timer_t htimer = g_posix_timers[arg1];`