From: Peter Maydell <peter.maydell@linaro.org>
Date: Fri, 15 Jul 2016 13:57:26 +0000 (+0100)
Subject: linux-user: Fix handling of iovec counts
X-Git-Tag: v2.8.0-rc0~124^2~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dab32b321f4d510ed5171b12f68bd5aa7a02cffe;p=thirdparty%2Fqemu.git

linux-user: Fix handling of iovec counts

In the kernel the length of an iovec is generally handled as
an unsigned long, not an integer; fix the parameter to
lock_iovec() accordingly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
---

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ca06943f3b2..71f40e3ab80 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3119,7 +3119,7 @@ static abi_long do_getsockopt(int sockfd, int level, int optname,
 }
 
 static struct iovec *lock_iovec(int type, abi_ulong target_addr,
-                                int count, int copy)
+                                abi_ulong count, int copy)
 {
     struct target_iovec *target_vec;
     struct iovec *vec;
@@ -3132,7 +3132,7 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr,
         errno = 0;
         return NULL;
     }
-    if (count < 0 || count > IOV_MAX) {
+    if (count > IOV_MAX) {
         errno = EINVAL;
         return NULL;
     }
@@ -3207,7 +3207,7 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr,
 }
 
 static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
-                         int count, int copy)
+                         abi_ulong count, int copy)
 {
     struct target_iovec *target_vec;
     int i;
@@ -3462,7 +3462,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
 {
     abi_long ret, len;
     struct msghdr msg;
-    int count;
+    abi_ulong count;
     struct iovec *vec;
     abi_ulong target_vec;