From: Laurent Vivier <laurent@vivier.eu>
Date: Thu, 16 Jun 2016 19:01:36 +0000 (+0200)
Subject: linux-user: fd_trans_host_to_target_data() must process only received data
X-Git-Tag: v2.7.0-rc0~78^2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=48dc0f2c3d87c74c31a27e1d17dabf26c378b1e8;p=thirdparty%2Fqemu.git

linux-user: fd_trans_host_to_target_data() must process only received data

if we process the whole buffer, the netlink helpers can try
to swap invalid data.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 33409c01bab..4b0d7911044 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2991,7 +2991,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
             len = ret;
             if (fd_trans_host_to_target_data(fd)) {
                 ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
-                                                       msg.msg_iov->iov_len);
+                                                       len);
             } else {
                 ret = host_to_target_cmsg(msgp, &msg);
             }