Index: qemu/linux-user/syscall.c
================================================================================
--- qemu/linux-user/syscall.c
+++ qemu/linux-user/syscall.c
@@ -1983,9 +1983,19 @@
 
     switch (call) {
     case IPCOP_semop:
-        ret = get_errno(semop(first,(struct sembuf *)g2h(ptr), second));
+    {
+	struct sembuf *target_sops;
+	int i;
+	lock_user_struct(VERIFY_READ, target_sops, ptr, 0);
+	for(i=0; i<second; i++) {
+		target_sops[i].sem_num = tswap16(target_sops[i].sem_num);
+		target_sops[i].sem_op  = tswap16(target_sops[i].sem_op);
+		target_sops[i].sem_flg = tswap16(target_sops[i].sem_flg);
+	}
+        ret = get_errno(semop(first, target_sops, second));
+	unlock_user_struct(target_sops, ptr, 0);
         break;
-
+    }
     case IPCOP_semget:
         ret = get_errno(semget(first, second, third));
         break;