Module Name: src
Committed By: riastradh
Date: Wed Jul 6 01:13:06 UTC 2022
Modified Files:
src/sys/kern: vfs_vnops.c
Log Message:
mmap(2): Avoid overflow in overflow check in vn_mmap.
To generate a diff of this commit:
cvs rdiff -u -r1.229 -r1.230 src/sys/kern/vfs_vnops.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/vfs_vnops.c
diff -u src/sys/kern/vfs_vnops.c:1.229 src/sys/kern/vfs_vnops.c:1.230
--- src/sys/kern/vfs_vnops.c:1.229 Wed Jul 6 01:12:46 2022
+++ src/sys/kern/vfs_vnops.c Wed Jul 6 01:13:06 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_vnops.c,v 1.229 2022/07/06 01:12:46 riastradh Exp $ */
+/* $NetBSD: vfs_vnops.c,v 1.230 2022/07/06 01:13:06 riastradh Exp $ */
/*-
* Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.229 2022/07/06 01:12:46 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.230 2022/07/06 01:13:06 riastradh Exp $");
#include "veriexec.h"
@@ -930,7 +930,8 @@ vn_mmap(struct file *fp, off_t *offp, si
if (vp->v_type != VCHR && off < 0) {
return EINVAL;
}
- if (vp->v_type != VCHR && (off_t)(off + size) < off) {
+ if (vp->v_type != VCHR &&
+ (size > __type_max(off_t) || off > __type_max(off_t) - size)) {
/* no offset wrapping */
return EOVERFLOW;
}
