From 4ee2a016fdaf98a8f34f76ced3a215aff1f5e3c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gustav=20S=C3=B6rn=C3=A4s?=
Date: Sun, 14 Mar 2021 13:38:21 +0100
Subject: also check other end of passed buffers
---
 src/userprog/build/fail | 0
 src/userprog/syscall.c | 4 +++-
 2 files changed, 3 insertions(+), 1 deletion(-)
 delete mode 100644 src/userprog/build/fail
(limited to 'src/userprog')
diff --git a/src/userprog/build/fail b/src/userprog/build/fail
deleted file mode 100644
index e69de29..0000000
diff --git a/src/userprog/syscall.c b/src/userprog/syscall.c
index e845edb..8f4a08e 100644
--- a/src/userprog/syscall.c
+++ b/src/userprog/syscall.c
@@ -205,7 +205,7 @@ syscall_handler (struct intr_frame *f UNUSED)
 tid_t *child_tid;
 unsigned *size;
 void **buf;
-
+
 switch (*syscall_number)
 {
 case 0: // halt
@@ -255,6 +255,7 @@ syscall_handler (struct intr_frame *f UNUSED)
 CHECK_PTR_AND_MAYBE_EXIT (buf);
 CHECK_PTR_AND_MAYBE_EXIT (*buf);
 CHECK_PTR_AND_MAYBE_EXIT (size);
+ CHECK_PTR_AND_MAYBE_EXIT (*buf + *size);
 f->eax = read (*fd_i, *buf, *size);
 break;
 case 9:
@@ -266,6 +267,7 @@ syscall_handler (struct intr_frame *f UNUSED)
 CHECK_PTR_AND_MAYBE_EXIT (buf);
 CHECK_PTR_AND_MAYBE_EXIT (*buf);
 CHECK_PTR_AND_MAYBE_EXIT (size);
+ CHECK_PTR_AND_MAYBE_EXIT (*buf + *size);
 f->eax = write (*fd_i, *buf, *size);
 break;
 case 12:
--
cgit v1.2.1
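Review bot: The added `CHECK_PTR_AND_MAYBE_EXIT (*buf + *size);` in the read case, and the identical line in the write case of the following hunk, tests one address computed from two user-supplied values, so passing it does not show that the whole range is safe for the kernel to touch. A very large `*size` can make the sum wrap around to a low address, a buffer covering three or more pages can still have an unchecked page in the middle, and the address tested is one past the last byte, so a buffer that ends exactly where valid memory ends may be refused; what the macro accepts is defined outside these hunks, so this is inferred from its name and use. Probing every page plus the last byte would cover the range, for example `for (off = 0; off < *size; off += PGSIZE) CHECK_PTR_AND_MAYBE_EXIT ((char *) *buf + off);` followed by `if (*size > 0) CHECK_PTR_AND_MAYBE_EXIT ((char *) *buf + *size - 1);`, with `unsigned off;` declared next to the other locals and `PGSIZE` standing for the kernel's page-size constant (that is its name in Pintos, which this tree appears to be). The `char *` cast also removes the reliance on GNU `void *` arithmetic. The body of syscall_handler starts and ends outside both hunks.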