-rw-r--r-- | vm/vm_map.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/vm/vm_map.c b/vm/vm_map.c
index 4476812d..4490878d 100644
--- a/vm/vm_map.c
+++ b/vm/vm_map.c
@@ -3145,6 +3145,14 @@ kern_return_t vm_map_copyin(
 }
 /*
+ * Check that the end address doesn't overflow
+ */
+
+ if ((src_addr + len) <= src_addr) {
+ return KERN_INVALID_ADDRESS;
+ }
+
+ /*
 * Compute start and end of region
 */
@@ -3152,12 +3160,12 @@ kern_return_t vm_map_copyin(
 src_end = round_page(src_addr + len);
 /*
- * Check that the end address doesn't overflow
+ * XXX VM maps shouldn't end at maximum address
 */
- if (src_end <= src_start)
- if ((src_end < src_start) || (src_start != 0))
- return(KERN_INVALID_ADDRESS);
+ if (src_end == 0) {
+ return KERN_INVALID_ADDRESS;
+ }
 /*
 * Allocate a header element for the list.
@@ -3622,6 +3630,14 @@ kern_return_t vm_map_copyin_page_list(
 }
 /*
+ * Check that the end address doesn't overflow
+ */
+
+ if ((src_addr + len) <= src_addr) {
+ return KERN_INVALID_ADDRESS;
+ }
+
+ /*
 * Compute start and end of region
 */
@@ -3629,10 +3645,10 @@ kern_return_t vm_map_copyin_page_list(
 src_end = round_page(src_addr + len);
 /*
- * Check that the end address doesn't overflow
+ * XXX VM maps shouldn't end at maximum address
 */
- if (src_end <= src_start && (src_end < src_start || src_start != 0)) {
+ if (src_end == 0) {
 return KERN_INVALID_ADDRESS;
 }
|
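Review bot: The added guard `if ((src_addr + len) <= src_addr)` in vm_map_copyin is true for `len == 0` as well as for a wrapped sum, so it is only right if the block closed by the `}` above it has already returned for a zero length; that block starts outside the hunk and I cannot confirm it. I would state the dependency at the check, e.g. `/* len != 0 here, so src_addr + len <= src_addr only if the unsigned sum wrapped */`. The same guard is repeated verbatim in vm_map_copyin_page_list (third hunk). Since src_addr and len presumably originate from caller-supplied requests, a single `static inline` helper shared by both functions would keep the two range checks from drifting apart.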
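Review bot: The replacement comment `XXX VM maps shouldn't end at maximum address` in the second hunk does not say why `src_end == 0` is an error in vm_map_copyin. Assuming round_page() is the usual add-mask-and-truncate macro, once the earlier sum check has passed the only remaining wrap is an end inside the last page, which rounds up to 0. A comment such as `/* round_page() wraps to 0 when src_addr + len lies in the last page; reject instead of using an end below src_start */` would make that explicit. The removed test let `src_start == 0 && src_end == 0` through and the new one rejects it, which looks intended but is worth a line in the commit message. The same applies to the fourth hunk in vm_map_copyin_page_list.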