On 7/19/22 17:41, Peter Maydell wrote:
The TARGET_SYS_TMPNAM implementation has two bugs spotted by Coverity: * confusion about whether 'len' has the length of the string including or excluding the terminating NUL means we lock_user() len bytes of memory but memcpy() len + 1 bytes * In the error-exit cases we forget to free() the buffer that asprintf() returned to usResolves: Coverity CID 1490285, 1490289 Signed-off-by: Peter Maydell<peter.mayd...@linaro.org> --- semihosting/arm-compat-semi.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <richard.hender...@linaro.org> r~
