Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/uvm Detect overflow when rounding length parameter and r...
details: https://anonhg.NetBSD.org/src/rev/4dd5d76535f6
branches: trunk
changeset: 336439:4dd5d76535f6
user: mlelstv <mlelstv%NetBSD.org@localhost>
date: Sun Mar 01 13:43:51 2015 +0000
description:
Detect overflow when rounding length parameter and return ENOMEM.
Fixes PR kern/49692.
diffstat:
sys/uvm/uvm_mmap.c | 16 ++++++++++------
1 files changed, 10 insertions(+), 6 deletions(-)
diffs (44 lines):
diff -r e8ddc420279e -r 4dd5d76535f6 sys/uvm/uvm_mmap.c
--- a/sys/uvm/uvm_mmap.c Sun Mar 01 13:19:39 2015 +0000
+++ b/sys/uvm/uvm_mmap.c Sun Mar 01 13:43:51 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_mmap.c,v 1.151 2015/01/10 23:35:02 chs Exp $ */
+/* $NetBSD: uvm_mmap.c,v 1.152 2015/03/01 13:43:51 mlelstv Exp $ */
/*
* Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -46,7 +46,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_mmap.c,v 1.151 2015/01/10 23:35:02 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_mmap.c,v 1.152 2015/03/01 13:43:51 mlelstv Exp $");
#include "opt_compat_netbsd.h"
#include "opt_pax.h"
@@ -289,7 +289,7 @@
struct proc *p = l->l_proc;
vaddr_t addr;
off_t pos;
- vsize_t size, pageoff;
+ vsize_t size, pageoff, newsize;
vm_prot_t prot, maxprot;
int flags, fd, advice;
vaddr_t defaddr;
@@ -338,9 +338,13 @@
*/
pageoff = (pos & PAGE_MASK);
- pos -= pageoff;
- size += pageoff; /* add offset */
- size = (vsize_t)round_page(size); /* round up */
+ pos -= pageoff;
+ newsize = size + pageoff; /* add offset */
+ newsize = (vsize_t)round_page(newsize); /* round up */
+
+ if (newsize < size)
+ return (ENOMEM);
+ size = newsize;
/*
* now check (MAP_FIXED) or get (!MAP_FIXED) the "addr"
Home |
Main Index |
Thread Index |
Old Index