On 6/5/20 10:46 AM, Alex Bennée wrote:
>
> Richard Henderson <r...@twiddle.net> writes:
>
>> On 6/5/20 7:11 AM, Alex Bennée wrote:
>>> @@ -467,7 +467,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len,
>>> int prot,
>>> * It can fail only on 64-bit host with 32-bit target.
>>> * On any other target/host host mmap() handles this error
>>> correctly.
>>> */
>>> - if (!guest_range_valid(start, len)) {
>>> + if (end < start || !guest_range_valid(start, len)) {
>>> errno = ENOMEM;
>>> goto fail;
>>> }
>>
>> Interesting. I was adjusting guest_range_valid tagged pointers yesterday,
>> and
>> thought that it looked buggy.
>
> Should be picking this up in guest_range_valid?
I think so. How can a range really be considered valid if it wraps?

r~
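Review bot: the `end < start` test added to the condition in target_mmap is open-coded at this one call site, so any other caller of guest_range_valid(start, len) still accepts a range that wraps. Moving the overflow test into guest_range_valid itself, as the replies suggest, would make every caller reject wrapping ranges with one check. The hunk also does not show where `end` is assigned, so it is worth confirming that it is computed from `start` and `len` before this point and in the same abi_ulong width. The comment above the check ("It can fail only on 64-bit host with 32-bit target") should be updated as well, since with the added wrap test that is no longer the only way to reach the ENOMEM path.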