From: Cristiano Giuffrida Date: Fri, 4 Jun 2010 18:05:38 +0000 (+0000) Subject: Fix range checking in safecopy. X-Git-Tag: v3.1.8~502 X-Git-Url: http://zhaoyanbai.com/repos/%22/xml/v3/zones/static/man.host.html?a=commitdiff_plain;h=a53514d4a9e739baccc996cd18dc0481e2e435b5;p=minix.git Fix range checking in safecopy. --- diff --git a/kernel/system/do_safecopy.c b/kernel/system/do_safecopy.c index 4650ae307..d25329d92 100644 --- a/kernel/system/do_safecopy.c +++ b/kernel/system/do_safecopy.c @@ -147,8 +147,8 @@ endpoint_t *e_granter; /* new granter (magic grants) */ /* Don't fiddle around with grants that wrap, arithmetic * below may be confused. */ - if(MEM_TOP - g.cp_u.cp_direct.cp_len < - g.cp_u.cp_direct.cp_start - 1) { + if(MEM_TOP - g.cp_u.cp_direct.cp_len + 1 < + g.cp_u.cp_direct.cp_start) { printf( "verify_grant: direct grant verify failed: len too long\n"); return EPERM;