diff mbox

[7/7] Use guest_start_len_valid in page_check_range.

Message ID dae82965f1961409fb63502046491dc857ee5bfb.1270488612.git.rth@twiddle.net
State New
Headers show

Commit Message

Richard Henderson March 30, 2010, 7:32 p.m. UTC 
Also remove an assertion on start being in range.  The values
here can come directly from the guest via a syscall, and so
very well may be out of range via plain bug or DoS attack.

Signed-off-by: Richard Henderson <rth@twiddle.net>
---
 exec.c |    9 +--------
 1 files changed, 1 insertions(+), 8 deletions(-)
diff mbox

Patch

diff --git a/exec.c b/exec.c
index d69194c..ed5eacf 100644
--- a/exec.c
+++ b/exec.c
@@ -2454,17 +2454,10 @@  int page_check_range(target_ulong start, target_ulong len, int flags)
     target_ulong end;
     target_ulong addr;
 
-    /* This function should never be called with addresses outside the
-       guest address space.  If this assert fires, it probably indicates
-       a missing call to h2g_valid.  */
-#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
-    assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
-#endif
-
     if (len == 0) {
         return 0;
     }
-    if (start + len - 1 < start) {
+    if (!guest_start_len_valid(start, len)) {
         /* We've wrapped around.  */
         return -1;
     }