projects
/
firefly-linux-kernel-4.4.55.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
ipc/shm.c: check for ulong overflows in shmat
[firefly-linux-kernel-4.4.55.git]
/
ipc
/
shm.c
diff --git
a/ipc/shm.c
b/ipc/shm.c
index 2b64b0d25bba4054493c4e3019de5342f95c5c1d..dda8f1ff3c352105f1e1549ac6e3971ef0425251 100644
(file)
--- a/
ipc/shm.c
+++ b/
ipc/shm.c
@@
-1160,6
+1160,9
@@
long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
down_write(¤t->mm->mmap_sem);
if (addr && !(shmflg & SHM_REMAP)) {
err = -EINVAL;
+ if (addr + size < addr)
+ goto invalid;
+
if (find_vma_intersection(current->mm, addr, addr + size))
goto invalid;
/*