Mark Kettenis wrote:
> > From: "Ted Unangst"
> > Date: Fri, 29 Jul 2016 18:38:20 -0400
> >
> > I'm a little confused about the following.
> >
> > > @@ -520,7 +522,7 @@ uaddr_lin_select(struct vm_map *map, str
> > > /* Deal with guardpages: search for space with one extra page. */
> > > guard
> From: "Ted Unangst"
> Date: Fri, 29 Jul 2016 18:38:20 -0400
>
> I'm a little confused about the following.
>
> > @@ -520,7 +522,7 @@ uaddr_lin_select(struct vm_map *map, str
> > /* Deal with guardpages: search for space with one extra page. */
> > guard_sz = ((map->flags & VM_MAP_GUARD
Mark Kettenis wrote:
> The diff below fixes a couple of potential integer overflows in the
> uvm address selection code. Most of these are in code that is
> disabled, such as uaddr_lin_select and the sruff dealing with guard
> pages (guard_sz/guardsz is currently always 0). But I think the
> over
The diff below fixes a couple of potential integer overflows in the
uvm address selection code. Most of these are in code that is
disabled, such as uaddr_lin_select and the sruff dealing with guard
pages (guard_sz/guardsz is currently always 0). But I think the
overflow in uvm_addr_fitspace() and
