Date: Mon, 10 Jun 2019 03:07:11 +0000 (UTC) From: Doug Moore <dougm@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r348843 - head/sys/vm Message-ID: <201906100307.x5A37BFt099669@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dougm Date: Mon Jun 10 03:07:10 2019 New Revision: 348843 URL: https://svnweb.freebsd.org/changeset/base/348843 Log: There are times when a len==0 parameter to mmap is okay. But on a 32-bit machine, a len parameter just a few bytes short of 4G, rounded up to a page boundary and hitting zero then, is not okay. Return failure in that case. Reported by: pho Reviewed by: alc, kib (mentor) Tested by: pho Differential Revision: https://reviews.freebsd.org/D20580 Modified: head/sys/vm/vm_mmap.c Modified: head/sys/vm/vm_mmap.c ============================================================================== --- head/sys/vm/vm_mmap.c Sun Jun 9 22:55:21 2019 (r348842) +++ head/sys/vm/vm_mmap.c Mon Jun 10 03:07:10 2019 (r348843) @@ -257,7 +257,10 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s /* Adjust size for rounding (on both ends). */ size += pageoff; /* low end... */ - size = (vm_size_t) round_page(size); /* hi end */ + /* Check for rounding up to zero. */ + if (round_page(size) < size) + return (EINVAL); + size = round_page(size); /* hi end */ /* Ensure alignment is at least a page and fits in a pointer. */ align = flags & MAP_ALIGNMENT_MASK;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906100307.x5A37BFt099669>