From: Cristiano Giuffrida <cristiano@minix3.org>
Date: Fri, 4 Jun 2010 18:05:38 +0000 (+0000)
Subject: Fix range checking in safecopy.
X-Git-Tag: v3.1.8~502
X-Git-Url: http://zhaoyanbai.com/repos/Bv9ARM.ch04.html?a=commitdiff_plain;h=a53514d4a9e739baccc996cd18dc0481e2e435b5;p=minix.git

Fix range checking in safecopy.
---

diff --git a/kernel/system/do_safecopy.c b/kernel/system/do_safecopy.c
index 4650ae307..d25329d92 100644
--- a/kernel/system/do_safecopy.c
+++ b/kernel/system/do_safecopy.c
@@ -147,8 +147,8 @@ endpoint_t *e_granter;		/* new granter (magic grants) */
 		/* Don't fiddle around with grants that wrap, arithmetic
 		 * below may be confused.
 		 */
-		if(MEM_TOP - g.cp_u.cp_direct.cp_len <
-			g.cp_u.cp_direct.cp_start - 1) {
+		if(MEM_TOP - g.cp_u.cp_direct.cp_len + 1 <
+			g.cp_u.cp_direct.cp_start) {
 			printf(
 		"verify_grant: direct grant verify failed: len too long\n");
 			return EPERM;