@@ -74,9 +74,10 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
if ((start & ~TARGET_PAGE_MASK) != 0)
return -EINVAL;
len = TARGET_PAGE_ALIGN(len);
+ if (!guest_range_valid_untagged(start, len)) {
+ return -ENOMEM;
+ }
end = start + len;
- if (end < start)
- return -EINVAL;
prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
if (len == 0)
return 0;
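Review bot: In target_mprotect the `len == 0` early return now sits after the new range check, so a zero-length request reaches `guest_range_valid_untagged(start, 0)` first and may return -ENOMEM instead of 0, depending on how that helper treats an empty range (its body is not in this hunk). The target_munmap hunk in the same patch tests `len == 0` before calling the helper. Doing the same here keeps the guest-visible result independent of the helper: move `if (len == 0) return 0;` up, directly after `len = TARGET_PAGE_ALIGN(len);`. The wrapping case also changes errno, from the -EINVAL of the removed `end < start` test to -ENOMEM; if that is intended, the commit message should say so. The function body continues outside the hunk.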
@@ -689,11 +690,13 @@ int target_munmap(abi_ulong start, abi_ulong len)
TARGET_ABI_FMT_lx "\n",
start, len);
#endif
- if (start & ~TARGET_PAGE_MASK)
+ if (start & ~TARGET_PAGE_MASK) {
return -EINVAL;
+ }
len = TARGET_PAGE_ALIGN(len);
- if (len == 0)
+ if (len == 0 || !guest_range_valid_untagged(start, len)) {
return -EINVAL;
+ }
mmap_lock();
end = start + len;
real_start = start & qemu_host_page_mask;
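Review bot: target_munmap gains a range check that the old lines of this hunk did not have, which is more than the description's "remove some hand-rolled ones" suggests, and nothing at the call site says why it must come before `end = start + len`. A short comment above the `if (len == 0 || ...)` line would keep the check from being reordered or dropped later, for example `/* Reject ranges outside the guest address space before computing end; the guest controls start and len. */`. The function starts and ends outside the hunk.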
This is the generic validation function, so remove some hand-rolled ones. Signed-off-by: Warner Losh <imp@bsdimp.com> --- bsd-user/mmap.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)