On 6/5/20 10:46 AM, Alex Bennée wrote:
>
> Richard Henderson <r...@twiddle.net> writes:
>
>> On 6/5/20 7:11 AM, Alex Bennée wrote:
>>> @@ -467,7 +467,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len,
>>> int prot,
>>> * It can fail only on 64-bit host with 32-bit target.
>>> * On any other target/host host mmap() handles this error
>>> correctly.
>>> */
>>> - if (!guest_range_valid(start, len)) {
>>> + if (end < start || !guest_range_valid(start, len)) {
>>> errno = ENOMEM;
>>> goto fail;
>>> }
>>
>> Interesting. I was adjusting guest_range_valid tagged pointers yesterday,
>> and
>> thought that it looked buggy.
>
> Should be picking this up in guest_range_valid?
I think so. How can a range really be considered valid if it wraps?
r~
