For compat32, emulate the same wraparound check as occurs on the real

ILP32 system. Reported by and discussed with: asomers PR: 230162 Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D16525
2018-07-31 18:00:47 +00:00 · 2018-07-31 18:00:47 +00:00 · 6e1d2cf679
commit 6e1d2cf679
parent 005783a0a6
1 changed files with 6 additions and 0 deletions
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@ -600,6 +600,12 @@ kern_mprotect(struct thread *td, uintptr_t addr0, size_t size, int prot)
 	addr -= pageoff;
 	size += pageoff;
 	size = (vm_size_t) round_page(size);
+#ifdef COMPAT_FREEBSD32
+	if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
+		if (((addr + size) & 0xffffffff) < addr)
+			return (EINVAL);
+	} else
+#endif
 	if (addr + size < addr)
 		return (EINVAL);