Message ID | 201003280053.o2S0rrvk014831@smtp12.dti.ne.jp |
---|---|
State | New |
diff --git a/exec.c b/exec.c index 14767b7..26cd8b9 100644 --- a/exec.c +++ b/exec.c @@ -2410,7 +2410,7 @@ int page_check_range(target_ulong start, target_ulong len, int flags) assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS)); #endif - if (start + len - 1 < start) { + if (len > 0 && start + len -1 < start) { /* We've wrapped around. */ return -1; }
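Review bot: the added `len > 0 &&` guard in the wrap-around condition only skips the overflow test, and the hunk does not show the code after it, so please confirm that the rest of page_check_range() behaves correctly for a zero-length range (for instance any end address derived from `start + len`), or state in the comment that len == 0 is deliberately allowed to fall through. The guard itself is right for the case described: start and len are target_ulong, so with len == 0 and a nonzero start, `start + len - 1` is `start - 1`, which is always below start and was reported as a wrap. Style: the new line writes `len -1` where the removed line had `len - 1`; keep the spaces around the operator.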
Fix page_check_range() wrap-around check when len=0.

write(1,"",0) on linux-user emulation should be OK, but fails.
This is a regression brought by 376a7909.

This patch fixes it at the last of the calling path shown below,
do_syscall:write -> access_ok() -> page_check_range(),
as linux-kernel does. For example, x86 does it as follows,
sys_write() -> access_ok() -> __range_not_ok().
This implies calling page_check_range() with len=0 is valid.

Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>

---
 exec.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)