ipc/shm.c: check for ulong overflows in shmat

[firefly-linux-kernel-4.4.55.git] / ipc / shm.c

diff --git a/ipc/shm.c b/ipc/shm.c
index 2b64b0d25bba4054493c4e3019de5342f95c5c1d..dda8f1ff3c352105f1e1549ac6e3971ef0425251 100644 (file)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1160,6 +1160,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
        down_write(&current->mm->mmap_sem);
        if (addr && !(shmflg & SHM_REMAP)) {
                err = -EINVAL;
+               if (addr + size < addr)
+                       goto invalid;
+
                if (find_vma_intersection(current->mm, addr, addr + size))
                        goto invalid;
                /*