2 files changed, 9 insertions, 4 deletions

diff --git a/Kernel/Memory/MemoryManager.cpp b/Kernel/Memory/MemoryManager.cpp
index 764fd0b887..377cea04ca 100644
--- a/Kernel/Memory/MemoryManager.cpp
+++ b/Kernel/Memory/MemoryManager.cpp
@@ -180,13 +180,16 @@ UNMAP_AFTER_INIT void MemoryManager::register_reserved_ranges()
 bool MemoryManager::is_allowed_to_mmap_to_userspace(PhysicalAddress start_address, VirtualRange const& range) const
 {
     VERIFY(!m_reserved_memory_ranges.is_empty());
+    // Note: Guard against overflow in case someone tries to mmap on the edge of
+    // the RAM
+    if (start_address.offset_addition_would_overflow(range.size()))
+        return false;
+    auto end_address = start_address.offset(range.size());
     for (auto& current_range : m_reserved_memory_ranges) {
-        if (!(current_range.start <= start_address))
+        if (current_range.start > start_address)
             continue;
-        if (!(current_range.start.offset(current_range.length) > start_address))
+        if (current_range.start.offset(current_range.length) < end_address)
             continue;
-        if (current_range.length < range.size())
-            return false;
         return true;
     }
     return false;
diff --git a/Kernel/PhysicalAddress.h b/Kernel/PhysicalAddress.h
index 0a5d0aa4b4..f6d9367e00 100644
--- a/Kernel/PhysicalAddress.h
+++ b/Kernel/PhysicalAddress.h
@@ -6,6 +6,7 @@
 
 #pragma once
 
+#include <AK/Checked.h>
 #include <AK/Format.h>
 #include <AK/Types.h>
 
@@ -30,6 +31,7 @@ public:
     }
 
     [[nodiscard]] PhysicalAddress offset(PhysicalPtr o) const { return PhysicalAddress(m_address + o); }
+    [[nodiscard]] bool offset_addition_would_overflow(PhysicalPtr o) const { return Checked<PhysicalPtr>::addition_would_overflow(m_address, o); }
     [[nodiscard]] PhysicalPtr get() const { return m_address; }
     void set(PhysicalPtr address) { m_address = address; }
     void mask(PhysicalPtr m) { m_address &= m; }