aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWarner Losh <imp@bsdimp.com>2021-09-16 18:43:01 -0600
committerWarner Losh <imp@bsdimp.com>2021-10-17 16:55:52 -0600
commit14837a3f7540f38ba78261238da3914a6529d882 (patch)
tree94292409475bdd1a2825249a3d07cfe45621f93f
parent36d5d891559f6b9f0bae4907669de9bfdf5d4d94 (diff)
downloadqemu-14837a3f7540f38ba78261238da3914a6529d882.zip
qemu-14837a3f7540f38ba78261238da3914a6529d882.tar.gz
qemu-14837a3f7540f38ba78261238da3914a6529d882.tar.bz2
bsd-user/mmap.c: mmap return ENOMEM on overflow
mmap should return ENOMEM on len overflow rather than EINVAL. Return EINVAL when len == 0 and ENOMEM when the rounded to a page length is 0. Found by make check-tcg. Signed-off-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Kyle Evans <kevans@FreeBSD.org>
-rw-r--r--bsd-user/mmap.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
index 6f33aec..f0be3b1 100644
--- a/bsd-user/mmap.c
+++ b/bsd-user/mmap.c
@@ -455,11 +455,18 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
goto fail;
}
- len = TARGET_PAGE_ALIGN(len);
if (len == 0) {
errno = EINVAL;
goto fail;
}
+
+ /* Check for overflows */
+ len = TARGET_PAGE_ALIGN(len);
+ if (len == 0) {
+ errno = ENOMEM;
+ goto fail;
+ }
+
real_start = start & qemu_host_page_mask;
host_offset = offset & qemu_host_page_mask;