Kernel: Fix pointer overflow in create_thread
KUBSAN found this overflow from syscall fuzzing. Fixes #5498
This commit is contained in:
parent
7db8ccc0e4
commit
303620ea85
1 changed files with 4 additions and 0 deletions
|
@ -24,6 +24,7 @@
|
|||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <AK/Checked.h>
|
||||
#include <AK/String.h>
|
||||
#include <AK/StringBuilder.h>
|
||||
#include <AK/StringView.h>
|
||||
|
@ -45,6 +46,9 @@ int Process::sys$create_thread(void* (*entry)(void*), Userspace<const Syscall::S
|
|||
int schedule_priority = params.m_schedule_priority;
|
||||
unsigned stack_size = params.m_stack_size;
|
||||
|
||||
if (Checked<FlatPtr>::addition_would_overflow((FlatPtr)params.m_stack_location, stack_size))
|
||||
return -EOVERFLOW;
|
||||
|
||||
auto user_stack_address = (u8*)params.m_stack_location + stack_size;
|
||||
|
||||
if (!MM.validate_user_stack(*this, VirtualAddress(user_stack_address - 4)))
|
||||
|
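Review bot: The added `Checked<FlatPtr>::addition_would_overflow` guard covers the addition on the `user_stack_address` line, but the very next statement computes `user_stack_address - 4`, which is not covered: a user-supplied `m_stack_size` below 4 together with a small `m_stack_location` (both come straight from the untrusted params struct) makes that subtraction wrap below the stack base, and `(u8*)` pointer arithmetic that leaves the object is itself undefined behaviour of the same kind KUBSAN flagged here. It is plausible that `validate_user_stack` rejects the wrapped address afterwards, but the arithmetic should not be performed at all; extending the guard to `if (stack_size < 4 || Checked<FlatPtr>::addition_would_overflow((FlatPtr)params.m_stack_location, stack_size))` closes it at the same spot. A short comment on the guard, `// Reject sizes that would wrap the stack-top computation below; the values are untrusted user input.`, would record why both conditions are there. `sys$create_thread` continues past the end of this hunk, so any later use of `stack_size` is not visible here.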
|