On Mon, Jun 10, 2019 at 03:07:11AM +0000, Doug Moore wrote:
> Author: dougm
> Date: Mon Jun 10 03:07:10 2019
> New Revision: 348843
> URL: https://svnweb.freebsd.org/changeset/base/348843
> 
> Log:
>   There are times when a len==0 parameter to mmap is okay. But on a
>   32-bit machine, a len parameter just a few bytes short of 4G, rounded
>   up to a page boundary and hitting zero then, is not okay. Return
>   failure in that case.
>   
>   Reported by: pho
>   Reviewed by: alc, kib (mentor)
>   Tested by: pho
>   Differential Revision: https://reviews.freebsd.org/D20580
> 
> Modified:
>   head/sys/vm/vm_mmap.c
> 
> Modified: head/sys/vm/vm_mmap.c
> ==============================================================================
> --- head/sys/vm/vm_mmap.c     Sun Jun  9 22:55:21 2019        (r348842)
> +++ head/sys/vm/vm_mmap.c     Mon Jun 10 03:07:10 2019        (r348843)
> @@ -257,7 +257,10 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s
>  
>       /* Adjust size for rounding (on both ends). */
>       size += pageoff;                        /* low end... */
> -     size = (vm_size_t) round_page(size);    /* hi end */
> +     /* Check for rounding up to zero. */
> +     if (round_page(size) < size)
> +             return (EINVAL);
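Review bot: The new `if (round_page(size) < size)` check runs after `size += pageoff`, so it only detects a wrap in the rounding step. If adding pageoff is what wraps, size is already small and the comparison passes. Comparing the rounded result against the length as passed in, before pageoff is added, would cover both cases. The lines quoted here also remove the `size = (vm_size_t) round_page(size);` assignment without showing a replacement, so confirm the rounded value is still stored after the check.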

The mmap(2) manpage says that len==0 results in EINVAL, so the manpage
needs updating.

I'm curious what "there are times" refers to. Can you or the original
reporter elaborate those cases?

Thanks a lot!

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        latt...@is.a.hacker.sx
GPG Key ID:          0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
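The rounding case from the quoted commit log, modelled with a 32-bit size type, as an added example that is not part of this message or of the FreeBSD source. All `ex_` names, the 4 KiB page size and the input values are constructed assumptions, and `ex_check_vs_len` is a hypothetical alternative, not what the project does.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define EX_PAGE_SIZE 4096u               /* assumed page size */
#define EX_PAGE_MASK (EX_PAGE_SIZE - 1u)

/* Round up to a page boundary in 32-bit arithmetic; wraps modulo 2^32. */
static uint32_t ex_round_page(uint32_t x)
{
    return (uint32_t)((x + EX_PAGE_MASK) & ~EX_PAGE_MASK);
}

/* Same comparison as the quoted hunk: reject only when rounding wraps. */
static int ex_check_r348843(uint32_t len, uint32_t pageoff, uint32_t *out)
{
    uint32_t size = len + pageoff;       /* low end; may wrap on its own */

    if (ex_round_page(size) < size)
        return EINVAL;
    *out = ex_round_page(size);
    return 0;
}

/* Hypothetical variant: compare the result with the caller's length,
 * which also catches a wrap in the len + pageoff addition. */
static int ex_check_vs_len(uint32_t len, uint32_t pageoff, uint32_t *out)
{
    uint32_t size = ex_round_page(len + pageoff);

    if (len > size)
        return EINVAL;
    *out = size;
    return 0;
}

int main(void)
{
    /* Constructed inputs: {len, pageoff}. */
    uint32_t in[][2] = { {0, 0}, {0x2000u, 0x10u},
                         {0xFFFFFFF0u, 0}, {0xFFFFFFFFu, 0x10u} };
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
        uint32_t a = 0, b = 0;
        int ra = ex_check_r348843(in[i][0], in[i][1], &a);
        int rb = ex_check_vs_len(in[i][0], in[i][1], &b);
        printf("len=0x%08x off=0x%03x  hunk: err=%d size=0x%x  vs_len: err=%d size=0x%x\n",
               (unsigned)in[i][0], (unsigned)in[i][1], ra, (unsigned)a, rb, (unsigned)b);
    }
    return 0;
}
```

A length of zero passes both checks with a rounded size of zero, so any rejection of `len == 0` has to come from a separate test.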
