From b1408f61b4e0587f1494fb23931b5904c1b17669 Mon Sep 17 00:00:00 2001
From: Erik van der Kouwe <erik@minix3.org>
Date: Tue, 19 Jul 2011 08:58:01 +0200
Subject: [PATCH] Sanity checks prevent VM panic for mmap, vm_remap and
 map_phys

---
 servers/vm/mmap.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/servers/vm/mmap.c b/servers/vm/mmap.c
index 18de2cbdc..f3260f836 100644
--- a/servers/vm/mmap.c
+++ b/servers/vm/mmap.c
@@ -55,7 +55,7 @@ PUBLIC int do_mmap(message *m)
 		u32_t vrflags = VR_ANON | VR_WRITABLE;
 		size_t len = (vir_bytes) m->VMM_LEN;
 
-		if(m->VMM_FD != -1) {
+		if(m->VMM_FD != -1 || len <= 0) {
 			return EINVAL;
 		}
 
@@ -143,6 +143,8 @@ PUBLIC int do_map_phys(message *m)
 	target = m->VMMP_EP;
 	len = m->VMMP_LEN;
 
+	if (len <= 0) return EINVAL;
+
 	if(target == SELF)
 		target = m->m_source;
 
@@ -234,6 +236,8 @@ PUBLIC int do_remap(message *m)
 	sa = (vir_bytes) m->VMRE_SA;
 	size = m->VMRE_SIZE;
 
+	if (size <= 0) return EINVAL;
+
 	if ((r = vm_isokendpt((endpoint_t) m->VMRE_D, &dn)) != OK)
 		return EINVAL;
 	if ((r = vm_isokendpt((endpoint_t) m->VMRE_S, &sn)) != OK)
-- 
2.44.0