From dd8dc288f5f2395307a766130c37be2c473dfa18 Mon Sep 17 00:00:00 2001
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Sun, 1 Oct 2023 03:20:31 +0200
Subject: mach_port_names: Make sure we did not overflow the allocated area

---
 ipc/mach_port.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipc/mach_port.c b/ipc/mach_port.c
index db6dae61..a07b4fe9 100644
--- a/ipc/mach_port.c
+++ b/ipc/mach_port.c
@@ -160,6 +160,7 @@ mach_port_names(
 	vm_offset_t addr2;	/* allocated memory, for types */
 	vm_map_copy_t memory1;	/* copied-in memory, for names */
 	vm_map_copy_t memory2;	/* copied-in memory, for types */
+	ipc_entry_num_t bound;
 
 	/* safe simplifying assumption */
 	assert_static(sizeof(mach_port_name_t) == sizeof(mach_port_type_t));
@@ -170,7 +171,6 @@ mach_port_names(
 	size = 0;
 
 	for (;;) {
-		ipc_entry_num_t bound;
 		vm_size_t size_needed;
 
 		is_read_lock(space);
@@ -240,6 +240,7 @@ mach_port_names(
 					       names, types, &actual);
 		}
 	}
+	assert(actual < bound);
 	is_read_unlock(space);
 
 	if (actual == 0) {
-- 
cgit v1.2.3