From a53514d4a9e739baccc996cd18dc0481e2e435b5 Mon Sep 17 00:00:00 2001 From: Cristiano Giuffrida Date: Fri, 4 Jun 2010 18:05:38 +0000 Subject: [PATCH] Fix range checking in safecopy. --- kernel/system/do_safecopy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/system/do_safecopy.c b/kernel/system/do_safecopy.c index 4650ae307..d25329d92 100644 --- a/kernel/system/do_safecopy.c +++ b/kernel/system/do_safecopy.c @@ -147,8 +147,8 @@ endpoint_t *e_granter; /* new granter (magic grants) */ /* Don't fiddle around with grants that wrap, arithmetic * below may be confused. */ - if(MEM_TOP - g.cp_u.cp_direct.cp_len < - g.cp_u.cp_direct.cp_start - 1) { + if(MEM_TOP - g.cp_u.cp_direct.cp_len + 1 < + g.cp_u.cp_direct.cp_start) { printf( "verify_grant: direct grant verify failed: len too long\n"); return EPERM; -- 2.44.0