sanchayanmaity/minix
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Fix range checking in safecopy.

Browse source
This commit is contained in:
Cristiano Giuffrida 2010-06-04 18:05:38 +00:00
parent 8c69c6cd7f
commit a53514d4a9
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
kernel/system/do_safecopy.c
View file

@ -147,8 +147,8 @@ endpoint_t *e_granter; /* new granter (magic grants) */
/* Don't fiddle around with grants that wrap, arithmetic
* below may be confused.
*/
if(MEM_TOP - g.cp_u.cp_direct.cp_len <
g.cp_u.cp_direct.cp_start - 1) {
if(MEM_TOP - g.cp_u.cp_direct.cp_len + 1 <
g.cp_u.cp_direct.cp_start) {
printf(
"verify_grant: direct grant verify failed: len too long\n");
return EPERM;