]> Zhao Yanbai Git Server - minix.git/commitdiff
Fix range checking in safecopy.
authorCristiano Giuffrida <cristiano@minix3.org>
Fri, 4 Jun 2010 18:05:38 +0000 (18:05 +0000)
committerCristiano Giuffrida <cristiano@minix3.org>
Fri, 4 Jun 2010 18:05:38 +0000 (18:05 +0000)
kernel/system/do_safecopy.c

index 4650ae307e8712b3db610b9834a023d57afc0fd3..d25329d92e0df0d8cf6b94a5b4d8364367b064d1 100644 (file)
@@ -147,8 +147,8 @@ endpoint_t *e_granter;              /* new granter (magic grants) */
                /* Don't fiddle around with grants that wrap, arithmetic
                 * below may be confused.
                 */
-               if(MEM_TOP - g.cp_u.cp_direct.cp_len <
-                       g.cp_u.cp_direct.cp_start - 1) {
+               if(MEM_TOP - g.cp_u.cp_direct.cp_len + 1 <
+                       g.cp_u.cp_direct.cp_start) {
                        printf(
                "verify_grant: direct grant verify failed: len too long\n");
                        return EPERM;