On Fri, Oct 8, 2021 at 4:27 PM Warner Losh <i...@bsdimp.com> wrote:
>
> mmap should return ENOMEM on len overflow rather than EINVAL. Return
> EINVAL when len == 0 and ENOMEM when the rounded to a page length is 0.
> Found by make check-tcg.
>
> Signed-off-by: Warner Losh <i...@bsdimp.com>
> Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
> Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
> ---
> bsd-user/mmap.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
> index 6f33aec58b..f0be3b12cf 100644
> --- a/bsd-user/mmap.c
> +++ b/bsd-user/mmap.c
> @@ -455,11 +455,18 @@ abi_long target_mmap(abi_ulong start, abi_ulong len,
> int prot,
> goto fail;
> }
>
> - len = TARGET_PAGE_ALIGN(len);
> if (len == 0) {
> errno = EINVAL;
> goto fail;
> }
> +
> + /* Check for overflows */
> + len = TARGET_PAGE_ALIGN(len);
> + if (len == 0) {
> + errno = ENOMEM;
> + goto fail;
> + }
> +
> real_start = start & qemu_host_page_mask;
> host_offset = offset & qemu_host_page_mask;
>
> --
> 2.32.0
>
>
Reviewed-by: Kyle Evans <kev...@freebsd.org>
