disallow creation of objects larger than PTRDIFF_MAX via mmap

[musl] / src / mman / mmap.c

diff --git a/src/mman/mmap.c b/src/mman/mmap.c
index 93c7658..b56cff8 100644 (file)
--- a/src/mman/mmap.c
+++ b/src/mman/mmap.c
@@ -1,16 +1,38 @@
 #include <unistd.h>
 #include <sys/mman.h>
 #include <errno.h>
+#include <stdint.h>
 #include <limits.h>
 #include "syscall.h"
 #include "libc.h"
 
+static void dummy1(int x) { }
+static void dummy0(void) { }
+weak_alias(dummy1, __vm_lock);
+weak_alias(dummy0, __vm_unlock);
+
+#define OFF_MASK ((-0x2000ULL << (8*sizeof(long)-1)) | 0xfff)
+
 void *__mmap(void *start, size_t len, int prot, int flags, int fd, off_t off)
 {
-       if (sizeof(off_t) > sizeof(long))
-               if (((long)off & 0xfff) | ((long)((unsigned long long)off>>(12 + 8*(sizeof(off_t)-sizeof(long))))))
-                       start = (void *)-1;
-       return (void *)syscall6(__NR_mmap2, (long)start, len, prot, flags, fd, off>>12);
+       void *ret;
+
+       if (off & OFF_MASK) {
+               errno = EINVAL;
+               return MAP_FAILED;
+       }
+       if (len >= PTRDIFF_MAX) {
+               errno = ENOMEM;
+               return MAP_FAILED;
+       }
+       if (flags & MAP_FIXED) __vm_lock(-1);
+#ifdef SYS_mmap2
+       ret = (void *)syscall(SYS_mmap2, start, len, prot, flags, fd, off>>12);
+#else
+       ret = (void *)syscall(SYS_mmap, start, len, prot, flags, fd, off);
+#endif
+       if (flags & MAP_FIXED) __vm_unlock();
+       return ret;
 }
 
 weak_alias(__mmap, mmap);