Verify that addr + size - 1 does not wrap around.
Signed-off-by: Richard Henderson
---
linux-user/qemu.h | 17 -
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index d36b18b678..2bf35e66ac 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -467,12 +467,19 @@ extern unsigned long guest_stack_size;
#define VERIFY_READ 0
#define VERIFY_WRITE 1 /* implies read access */
-static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
+static inline bool access_ok(int type, abi_ulong addr, abi_ulong size)
{
-return guest_addr_valid(addr) &&
- (size == 0 || guest_addr_valid(addr + size - 1)) &&
- page_check_range((target_ulong)addr, size,
-(type == VERIFY_READ) ? PAGE_READ : (PAGE_READ |
PAGE_WRITE)) == 0;
+if (!guest_addr_valid(addr)) {
+return false;
+}
+if (size != 0 &&
+(addr + size - 1 < addr ||
+ !guest_addr_valid(addr + size - 1))) {
+return false;
+}
+return page_check_range((target_ulong)addr, size,
+(type == VERIFY_READ) ? PAGE_READ :
+(PAGE_READ | PAGE_WRITE)) == 0;
}
/* NOTE __get_user and __put_user use host pointers and don't check access.
--
2.25.1