libkvm: Bounds check (more) PTE indices.

svn path=/head/; revision=302975

lib/libkvm/kvm_minidump_arm.c

@@ -184,6 +184,8 @@ _arm_minidump_kvatop(kvm_t *kd, kvaddr_t va, off_t *pa)
 
 	if (va >= vm->hdr.kernbase) {
 		pteindex = (va - vm->hdr.kernbase) >> ARM_PAGE_SHIFT;
+		if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap))
+			goto invalid;
 		pte = _kvm32toh(kd, ptemap[pteindex]);
 		if ((pte & ARM_L2_TYPE_MASK) == ARM_L2_TYPE_INV) {
 			_kvm_err(kd, kd->program,

lib/libkvm/kvm_minidump_i386.c

@@ -162,6 +162,8 @@ _i386_minidump_vatop_pae(kvm_t *kd, kvaddr_t va, off_t *pa)
 
 	if (va >= vm->hdr.kernbase) {
 		pteindex = (va - vm->hdr.kernbase) >> I386_PAGE_SHIFT;
+		if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap))
+			goto invalid;
 		pte = le64toh(ptemap[pteindex]);
 		if ((pte & I386_PG_V) == 0) {
 			_kvm_err(kd, kd->program,
@@ -207,6 +209,8 @@ _i386_minidump_vatop(kvm_t *kd, kvaddr_t va, off_t *pa)
 
 	if (va >= vm->hdr.kernbase) {
 		pteindex = (va - vm->hdr.kernbase) >> I386_PAGE_SHIFT;
+		if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap))
+			goto invalid;
 		pte = le32toh(ptemap[pteindex]);
 		if ((pte & I386_PG_V) == 0) {
 			_kvm_err(kd, kd->program,

lib/libkvm/kvm_minidump_mips.c

@@ -221,9 +221,13 @@ _mips_minidump_kvatop(kvm_t *kd, kvaddr_t va, off_t *pa)
 	if (va >= vm->hdr.kernbase) {
 		pteindex = (va - vm->hdr.kernbase) >> MIPS_PAGE_SHIFT;
 		if (vm->pte_size == 64) {
+			if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap64))
+				goto invalid;
 			pte = _kvm64toh(kd, ptemap64[pteindex]);
 			a = MIPS64_PTE_TO_PA(pte);
 		} else {
+			if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap32))
+				goto invalid;
 			pte = _kvm32toh(kd, ptemap32[pteindex]);
 			a = MIPS32_PTE_TO_PA(pte);
 		}