Kernel: Round old address/size in sys$mremap() to page size multiples

Found by fuzz-syscalls. :^)
author: Andreas Kling <kling@serenityos.org> 2021-02-14 13:14:25 +0100
committer: Andreas Kling <kling@serenityos.org> 2021-02-14 13:15:05 +0100
commit: 6ee499aeb01eb95ae318c67d4f6bb992b803c8ab (patch)
tree: 4ba9334f807a1e7029e2823b34671ccafe97c750 /Kernel
parent: 0e92a80434d08e0f030e6ded418360ad785bf57d (diff)
download: serenity-6ee499aeb01eb95ae318c67d4f6bb992b803c8ab.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/Kernel/Syscalls/mmap.cpp b/Kernel/Syscalls/mmap.cpp
index b380858300..6f6c04e459 100644
--- a/Kernel/Syscalls/mmap.cpp
+++ b/Kernel/Syscalls/mmap.cpp
@@ -469,11 +469,17 @@ void* Process::sys$mremap(Userspace<const Syscall::SC_mremap_params*> user_param
 {
     REQUIRE_PROMISE(stdio);
 
-    Syscall::SC_mremap_params params;
+    Syscall::SC_mremap_params params {};
     if (!copy_from_user(&params, user_params))
         return (void*)-EFAULT;
 
-    auto* old_region = space().find_region_from_range(Range { VirtualAddress(params.old_address), params.old_size });
+    if (page_round_up_would_wrap(params.old_size))
+        return (void*)-EINVAL;
+
+    auto old_address = page_round_down(params.old_address);
+    auto old_size = page_round_up(params.old_size);
+
+    auto* old_region = space().find_region_from_range(Range { VirtualAddress { old_address }, old_size });
     if (!old_region)
         return (void*)-EINVAL;
author	Andreas Kling <kling@serenityos.org>	2021-02-14 13:14:25 +0100
committer	Andreas Kling <kling@serenityos.org>	2021-02-14 13:15:05 +0100
commit	6ee499aeb01eb95ae318c67d4f6bb992b803c8ab (patch)
tree	4ba9334f807a1e7029e2823b34671ccafe97c750 /Kernel
parent	0e92a80434d08e0f030e6ded418360ad785bf57d (diff)
download	serenity-6ee499aeb01eb95ae318c67d4f6bb992b803c8ab.zip