add check for wrapping of address + size in exec()

author: MikeCAT <[email protected]> 2015-12-20 00:04:52 +0900
committer: Frans Kaashoek <[email protected]> 2016-08-25 07:09:46 -0400
commit: 5625ae49731d25e85bcaf8c8cc8f843969588981 (patch)
tree: 4073625eda7ae914a160da669a204128bb0fb763
parent: 67a7f9597e187dad3dfd9732461fec2de6edbba1 (diff)
download: xv6-labs-5625ae49731d25e85bcaf8c8cc8f843969588981.tar.gz
xv6-labs-5625ae49731d25e85bcaf8c8cc8f843969588981.tar.bz2
xv6-labs-5625ae49731d25e85bcaf8c8cc8f843969588981.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/exec.c b/exec.c
index e5d1816..d56ee1d 100644
--- a/exec.c
+++ b/exec.c
@@ -44,6 +44,8 @@ exec(char *path, char **argv)
       continue;
     if(ph.memsz < ph.filesz)
       goto bad;
+    if(ph.vaddr + ph.memsz < ph.vaddr)
+      goto bad;
     if((sz = allocuvm(pgdir, sz, ph.vaddr + ph.memsz)) == 0)
       goto bad;
     if(ph.vaddr % PGSIZE != 0)
author	MikeCAT <[email protected]>	2015-12-20 00:04:52 +0900
committer	Frans Kaashoek <[email protected]>	2016-08-25 07:09:46 -0400
commit	5625ae49731d25e85bcaf8c8cc8f843969588981 (patch)
tree	4073625eda7ae914a160da669a204128bb0fb763
parent	67a7f9597e187dad3dfd9732461fec2de6edbba1 (diff)
download	xv6-labs-5625ae49731d25e85bcaf8c8cc8f843969588981.tar.gz xv6-labs-5625ae49731d25e85bcaf8c8cc8f843969588981.tar.bz2 xv6-labs-5625ae49731d25e85bcaf8c8cc8f843969588981.zip