Kernel: writev() should fail with EINVAL if total length > INT32_MAX

author: Andreas Kling <awesomekling@gmail.com> 2020-01-02 13:01:41 +0100
committer: Andreas Kling <awesomekling@gmail.com> 2020-01-02 13:01:41 +0100
commit: c01f766fb2da533eb3e1c8d102a7d2c99764782f (patch)
tree: 14d0fe2fccd970629918508a700ca4370477db0a /Kernel/Process.cpp
parent: 7f043346646e1dc88fca16b75914a9d4aa0efb56 (diff)
download: serenity-c01f766fb2da533eb3e1c8d102a7d2c99764782f.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index a644e81a32..6d601a9e4b 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -40,6 +40,7 @@
 #include <Kernel/VM/InodeVMObject.h>
 #include <Kernel/VM/PurgeableVMObject.h>
 #include <LibC/errno_numbers.h>
+#include <LibC/limits.h>
 #include <LibC/signal_numbers.h>
 #include <LibELF/ELFLoader.h>
 #include <LibELF/exec_elf.h>
@@ -1272,7 +1273,12 @@ ssize_t Process::sys$writev(int fd, const struct iovec* iov, int iov_count)
     if (!validate_read_typed(iov, iov_count))
         return -EFAULT;
 
-    // FIXME: Return EINVAL if sum of iovecs is greater than INT_MAX
+    u64 total_length = 0;
+    for (int i = 0; i < iov_count; ++i) {
+        total_length += iov[i].iov_len;
+        if (total_length > INT32_MAX)
+            return -EINVAL;
+    }
 
     auto* description = file_description(fd);
     if (!description)
author	Andreas Kling <awesomekling@gmail.com>	2020-01-02 13:01:41 +0100
committer	Andreas Kling <awesomekling@gmail.com>	2020-01-02 13:01:41 +0100
commit	c01f766fb2da533eb3e1c8d102a7d2c99764782f (patch)
tree	14d0fe2fccd970629918508a700ca4370477db0a /Kernel/Process.cpp
parent	7f043346646e1dc88fca16b75914a9d4aa0efb56 (diff)
download	serenity-c01f766fb2da533eb3e1c8d102a7d2c99764782f.zip