diff options
| author | Richard Henderson <richard.henderson@linaro.org> | 2023-03-06 01:51:09 +0300 |
|---|---|---|
| committer | Richard Henderson <richard.henderson@linaro.org> | 2023-03-28 15:23:10 -0700 |
| commit | 49840a4a098149067789255bca6894645f411036 (patch) | |
| tree | 0b5cd9d9f8ef1770890352e9a58bc1e39aa89c6c /linux-user/syscall.c | |
| parent | 2f7828b5729337c61e6c58466d0d78af079db42d (diff) | |
| download | focaccia-qemu-49840a4a098149067789255bca6894645f411036.tar.gz focaccia-qemu-49840a4a098149067789255bca6894645f411036.zip | |
accel/tcg: Pass last not end to page_set_flags
Pass the address of the last byte to be changed, rather than the first address past the last byte. This avoids overflow when the last page of the address space is involved. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1528 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'linux-user/syscall.c')
| -rw-r--r-- | linux-user/syscall.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 27871641f4..69f740ff98 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -4595,7 +4595,7 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env, } raddr=h2g((unsigned long)host_raddr); - page_set_flags(raddr, raddr + shm_info.shm_segsz, + page_set_flags(raddr, raddr + shm_info.shm_segsz - 1, PAGE_VALID | PAGE_RESET | PAGE_READ | (shmflg & SHM_RDONLY ? 0 : PAGE_WRITE)); @@ -4625,7 +4625,7 @@ static inline abi_long do_shmdt(abi_ulong shmaddr) for (i = 0; i < N_SHM_REGIONS; ++i) { if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) { shm_regions[i].in_use = false; - page_set_flags(shmaddr, shmaddr + shm_regions[i].size, 0); + page_set_flags(shmaddr, shmaddr + shm_regions[i].size - 1, 0); break; } } |