From 36f1de3c898330a827cabe904ff99b4377b06131 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Tue, 31 Dec 2019 18:23:17 +0100
Subject: [PATCH] Kernel: Pointer range validation should fail on wraparound

Let's reject address ranges that wrap around the 2^32 mark.
---
 Kernel/Process.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index e5f16db99f..14a8cb9423 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -1971,6 +1971,8 @@ bool Process::validate_read(const void* address, ssize_t size) const
     ASSERT(size >= 0);
     VirtualAddress first_address((u32)address);
     VirtualAddress last_address = first_address.offset(size - 1);
+    if (last_address < first_address)
+        return false;
     if (is_ring0()) {
         auto kmc_result = check_kernel_memory_access(first_address, false);
         if (kmc_result == KernelMemoryCheckResult::AccessGranted)
@@ -1995,6 +1997,8 @@ bool Process::validate_write(void* address, ssize_t size) const
     ASSERT(size >= 0);
     VirtualAddress first_address((u32)address);
     VirtualAddress last_address = first_address.offset(size - 1);
+    if (last_address < first_address)
+        return false;
     if (is_ring0()) {
         if (is_kmalloc_address(address))
             return true;
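Review bot: The new guard in validate_read turns every zero-length range into a rejection (except at address 0), because `first_address.offset(size - 1)` is evaluated before the check: with `size == 0` and a non-zero address, `last_address` lands one byte below `first_address` and the function now returns false, while at address 0 it presumably wraps to the top of the address space and the guard passes with a range that spans everything. Since `ASSERT(size >= 0)` explicitly admits zero, callers validating an empty buffer (a zero-byte read or write, for instance) would begin failing with this commit rather than being treated as a no-op. An explicit early exit before the offset is computed, `if (size == 0) return true;` (or whatever answer an empty range is meant to get), keeps the wraparound check precise for the non-empty case. The identical guard in the validate_write hunk has the same issue; both validate_read and validate_write begin and end outside the hunks shown.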