From 926090c399ab503d6f7f67a9556d46b5094fd20f Mon Sep 17 00:00:00 2001
From: Samuel Thibault
Date: Sun, 22 Apr 2018 00:51:17 +0200
Subject: vm_map: Fix bugs on huge masks parameters

* vm/vm_map.c (vm_map_find_entry_anywhere): Also check that (min + mask) & ~mask remains bigger than min.
---
 vm/vm_map.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'vm')

diff --git a/vm/vm_map.c b/vm/vm_map.c
index 4da72d4e..2fd27316 100644
--- a/vm/vm_map.c
+++ b/vm/vm_map.c
@@ -685,7 +685,7 @@ restart:
 start = (map->min_offset + mask) & ~mask;
 end = start + size;
- if ((end <= start) || (end > map->max_offset)) {
+ if ((start < map->min_offset) || (end <= start) || (end > map->max_offset)) {
 goto error;
 }
@@ -699,7 +699,8 @@ restart:
 start = (entry->vme_end + mask) & ~mask;
 end = start + size;
- if ((end > start)
+ if ((start >= entry->vme_end)
+ && (end > start)
 && (end <= map->max_offset)
 && (end <= (entry->vme_end + entry->gap_size))) {
 *startp = start;
@@ -738,6 +739,7 @@ restart:
 assert(entry->gap_size >= max_size);
 start = (entry->vme_end + mask) & ~mask;
+ assert(start >= entry->vme_end);
 end = start + size;
 assert(end > start);
 assert(end <= (entry->vme_end + entry->gap_size));
--
cgit v1.2.3
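Review bot: The new `start < map->min_offset` test in the first hunk, and the matching `start >= entry->vme_end` test in the second hunk, carry no comment saying that they catch `base + mask` wrapping around for a very large mask. Without that, the comparison reads as redundant to anyone who assumes rounding up can never move an address down, and it is the kind of check that gets removed in a later cleanup. I would add a comment above the first check, such as `/* min_offset + mask may wrap for a huge mask; a wrapped start falls below min_offset */`, and a one-line pointer to it at the second site. Since the align-then-check sequence now appears three times in this function, a small static helper that rounds up and reports overflow would keep the sites from drifting apart. The enclosing function starts and ends outside these hunks.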
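Review bot: At the third site the wrap is caught only by `assert(start >= entry->vme_end);`, whereas the other two sites take the error path at run time. If assert() is compiled out in non-debug kernels (not visible from this hunk), a wrapped `start` would flow into `end = start + size` with nothing checking it. The preceding `assert(entry->gap_size >= max_size)` suggests the gap lookup already rules this out, presumably because `max_size` includes `mask`. If that holds, a comment stating the invariant next to the new assert, e.g. `/* gap_size >= max_size, so vme_end + mask cannot wrap here */`, would make the reliance explicit. Otherwise a run-time `if (start < entry->vme_end) goto error;` would match the other two sites.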