system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-07-21 18:15:58 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Kernel: Round old address/size in sys$mremap() to page size multiples

Browse source 
Found by fuzz-syscalls. :^)
This commit is contained in:
Andreas Kling 2021-02-14 13:14:25 +01:00
parent 0e92a80434
commit 6ee499aeb0
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
Kernel/Syscalls/mmap.cpp
View file

@ -469,11 +469,17 @@ void* Process::sys$mremap(Userspace<const Syscall::SC_mremap_params*> user_param
{
REQUIRE_PROMISE(stdio);
Syscall::SC_mremap_params params;
Syscall::SC_mremap_params params {};
if (!copy_from_user(&params, user_params))
return (void*)-EFAULT;
auto* old_region = space().find_region_from_range(Range { VirtualAddress(params.old_address), params.old_size });
if (page_round_up_would_wrap(params.old_size))
return (void*)-EINVAL;
auto old_address = page_round_down(params.old_address);
auto old_size = page_round_up(params.old_size);
auto* old_region = space().find_region_from_range(Range { VirtualAddress { old_address }, old_size });
if (!old_region)
return (void*)-EINVAL;