Fix integer overflow caused by large addr + size in memory related syscall

2025-06-25 18:33:24 +00:00 · 2024-08-26 13:54:11 +08:00
parent e6e771e9b5
commit 0a8ad6971a
4 changed files with 25 additions and 7 deletions
--- a/kernel/src/syscall/mprotect.rs
+++ b/kernel/src/syscall/mprotect.rs
@ -24,7 +24,11 @@ pub fn sys_mprotect(addr: Vaddr, len: usize, perms: u64, ctx: &Context) -> Resul
    }

    let len = len.align_up(PAGE_SIZE);
-    let range = addr..(addr + len);
+    let end = addr.checked_add(len).ok_or(Error::with_message(
+        Errno::ENOMEM,
+        "integer overflow when (addr + len)",
+    ))?;
+    let range = addr..end;
    root_vmar.protect(vm_perms, range)?;
    Ok(SyscallReturn::Return(0))
 }