From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1KuRq4-0000q0-GA
	for qemu-devel@nongnu.org; Mon, 27 Oct 2008 09:08:56 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1KuRq2-0000pb-64
	for qemu-devel@nongnu.org; Mon, 27 Oct 2008 09:08:55 -0400
Received: from [199.232.76.173] (port=41243 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1KuRq1-0000pY-Sy
	for qemu-devel@nongnu.org; Mon, 27 Oct 2008 09:08:54 -0400
Received: from rv-out-0708.google.com ([209.85.198.246]:49897)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <balrogg@gmail.com>) id 1KuRq1-0004lL-Ht
	for qemu-devel@nongnu.org; Mon, 27 Oct 2008 09:08:53 -0400
Received: by rv-out-0708.google.com with SMTP id f25so1894819rvb.22
	for <qemu-devel@nongnu.org>; Mon, 27 Oct 2008 06:08:52 -0700 (PDT)
Message-ID: <fb249edb0810270608x64a351fav83ddcd26d58a9780@mail.gmail.com>
Date: Mon, 27 Oct 2008 14:08:52 +0100
From: "andrzej zaborowski" <balrogg@gmail.com>
Subject: Re: [Qemu-devel] [PATCH] mmap: add check if requested memory area
	fits target address space
In-Reply-To: <1224225264-8483-1-git-send-email-kirill@shutemov.name>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <1223892640-15545-13-git-send-email-kirill@shutemov.name>
	<1224225264-8483-1-git-send-email-kirill@shutemov.name>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>

On 17/10/2008, Kirill A. Shutemov <kirill@shutemov.name> wrote:
> Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
>  ---
>   linux-user/mmap.c |    5 +++++
>   1 files changed, 5 insertions(+), 0 deletions(-)
>
>  diff --git a/linux-user/mmap.c b/linux-user/mmap.c
>  index bc20f4b..9a2f355 100644
>  --- a/linux-user/mmap.c
>  +++ b/linux-user/mmap.c
>  @@ -388,6 +388,11 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
>          end = start + len;
>          real_end = HOST_PAGE_ALIGN(end);
>
>  +        if ((unsigned long)start + len > (abi_ulong) -1) {
>  +            errno = EINVAL;
>  +            goto fail;
>  +        }

I'm being picky but this would prevent the last byte from being used?
:p  (or the last page because len is aligned?)

I'm not sure unsigned long is the best choice.

Cheers