Merge "make mmap fail on requests larger than PTRDIFF_MAX"

commit: 198d13e8c25e69f7dbda3f5e1a3258b13fe8db5d [log] [tgz]
author: Josh Gao <jmgao@google.com> Wed Oct 14 02:17:10 2015 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Oct 14 02:17:10 2015 +0000
tree: 465078034a19ad899b9a2d60110f3d66613e1ba6
parent: 11c2179d468bba3336c3a3e8418ddaa98f58afce [diff]
parent: 5ca66528c5e02655d79b9930456e31aab887989e [diff]
diff --git a/libc/bionic/mmap.cpp b/libc/bionic/mmap.cpp
index 8f25a89..794f50f 100644
--- a/libc/bionic/mmap.cpp
+++ b/libc/bionic/mmap.cpp

@@ -30,6 +30,7 @@
 #include <sys/mman.h>
 #include <unistd.h>
 
+#include "private/bionic_macros.h"
 #include "private/ErrnoRestorer.h"
 
 // mmap2(2) is like mmap(2), but the offset is in 4096-byte blocks, not bytes.
@@ -45,6 +46,13 @@
     return MAP_FAILED;
   }
 
+  // prevent allocations large enough for `end - start` to overflow
+  size_t rounded = BIONIC_ALIGN(size, PAGE_SIZE);
+  if (rounded < size || size > PTRDIFF_MAX) {
+    errno = ENOMEM;
+    return MAP_FAILED;
+  }
+
   bool is_private_anonymous = (flags & (MAP_PRIVATE | MAP_ANONYMOUS)) != 0;
   void* result = __mmap2(addr, size, prot, flags, fd, offset >> MMAP2_SHIFT);
commit	198d13e8c25e69f7dbda3f5e1a3258b13fe8db5d	[log] [tgz]
author	Josh Gao <jmgao@google.com>	Wed Oct 14 02:17:10 2015 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Oct 14 02:17:10 2015 +0000
tree	465078034a19ad899b9a2d60110f3d66613e1ba6
parent	11c2179d468bba3336c3a3e8418ddaa98f58afce [diff]
parent	5ca66528c5e02655d79b9930456e31aab887989e [diff]