Also remove an assertion on start being in range. The values here can come directly from the guest via a syscall, and so may very well be out of range, whether through a plain bug or a DoS attack.
Signed-off-by: Richard Henderson <r...@twiddle.net>
---
 exec.c | 9 +--------
 1 files changed, 1 insertions(+), 8 deletions(-)
diff --git a/exec.c b/exec.c
index d69194c..ed5eacf 100644
--- a/exec.c
+++ b/exec.c
@@ -2454,17 +2454,10 @@ int page_check_range(target_ulong start, target_ulong len, int flags)
 target_ulong end;
 target_ulong addr;
 
- /* This function should never be called with addresses outside the
- guest address space. If this assert fires, it probably indicates
- a missing call to h2g_valid. */
-#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
- assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
-#endif
-
 if (len == 0) {
 return 0;
 }
- if (start + len - 1 < start) {
+ if (!guest_start_len_valid(start, len)) {
 /* We've wrapped around. */
 return -1;
 }
-- 
1.6.6.1
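Review bot: The retained comment `/* We've wrapped around. */` under the new `guest_start_len_valid(start, len)` test no longer describes the whole rejection: with the assert removed, that call is the only check visible here between a guest-supplied `start` and the rest of the function, so it presumably has to reject out-of-range addresses as well as wraparound. I would reword the comment to `/* Range wraps around or lies outside the guest address space. */` and confirm that the helper, whose definition is not in this hunk, really bounds `start + len - 1` when `TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS`. The `len == 0` early return still precedes the check, so a zero-length query with an out-of-range `start` reports success. That looks harmless if callers touch no memory for a zero length, but it deserves a line in the function comment. The body of `page_check_range` continues past the end of the hunk.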