For compat32, emulate the same wraparound check as occurs on the real ILP32 system.

Reported by and discussed with:	asomers
PR:	230162
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D16525
Konstantin Belousov 2018-07-31 18:00:47 +00:00
parent 005783a0a6
commit 6e1d2cf679

@ -600,6 +600,12 @@ kern_mprotect(struct thread *td, uintptr_t addr0, size_t size, int prot)
addr -= pageoff;
size += pageoff;
size = (vm_size_t) round_page(size);
#ifdef COMPAT_FREEBSD32
if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
if (((addr + size) & 0xffffffff) < addr)
return (EINVAL);
} else
#endif
if (addr + size < addr)
return (EINVAL);
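
Review bot: The SV_ILP32 compare `((addr + size) & 0xffffffff) < addr` has no comment stating what it assumes. It only detects wraparound if addr and size are themselves within 32 bits. If the rounded size is a multiple of 4 GiB, the masked sum equals addr and the range is accepted. That matches 32-bit arithmetic, where such a size would have wrapped to 0, but it is not obvious from the code. Please add a short comment saying the mask deliberately mirrors ILP32 truncation, and consider writing the test as `(uint32_t)(addr + size) < (uint32_t)addr` so the intent is visible in the types rather than in a magic constant. Separately, the `} else` placed directly before `#endif` makes the native `if (addr + size < addr)` an else-body only when COMPAT_FREEBSD32 is defined. A comment on the `else`, or braces around the native check, would keep a later edit from detaching it by accident.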