Author: dougm
Date: Mon Jun 10 03:07:10 2019
New Revision: 348843
URL: https://svnweb.freebsd.org/changeset/base/348843

Log:
  There are times when a len==0 parameter to mmap is okay. But on a
  32-bit machine, a len parameter just a few bytes short of 4G, rounded
  up to a page boundary and hitting zero then, is not okay. Return
  failure in that case.
  
  Reported by: pho
  Reviewed by: alc, kib (mentor)
  Tested by: pho
  Differential Revision: https://reviews.freebsd.org/D20580

Modified:
  head/sys/vm/vm_mmap.c

Modified: head/sys/vm/vm_mmap.c
==============================================================================
--- head/sys/vm/vm_mmap.c       Sun Jun  9 22:55:21 2019        (r348842)
+++ head/sys/vm/vm_mmap.c       Mon Jun 10 03:07:10 2019        (r348843)
@@ -257,7 +257,10 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s
 
        /* Adjust size for rounding (on both ends). */
        size += pageoff;                        /* low end... */
-       size = (vm_size_t) round_page(size);    /* hi end */
+       /* Check for rounding up to zero. */
+       if (round_page(size) < size)
+               return (EINVAL);
+       size = round_page(size);                /* hi end */
 
        /* Ensure alignment is at least a page and fits in a pointer. */
        align = flags & MAP_ALIGNMENT_MASK;
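Review bot: The new `round_page(size) < size` test only catches the wrap in the round-up step; the context line just above it, `size += pageoff;`, can itself wrap on a 32-bit `size_t` when the caller's length is within `pageoff` bytes of the top of the range, and the sum then becomes a small non-zero value that passes this test. Nothing in the visible context guards that addition, so either check it the same way (for example `if (size + pageoff < size) return (EINVAL);` before the add) or state in the comment where it is already excluded. The test correctly still lets `size == 0` through, which matches the log's statement that a zero length is sometimes acceptable; the comment could say that this is deliberate. Minor: the old line cast the result to `vm_size_t` and the new assignment does not, so it is worth confirming that dropping the cast is intended.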
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head