[src/trunk]: src/sys/kern rasctl(2): Avoid arithmetic overflow.

[riastradh <riastradh%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/1d0fc8a5aff0
branches:  trunk
changeset: 368864:1d0fc8a5aff0
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Mon Aug 08 22:31:45 2022 +0000

description:
rasctl(2): Avoid arithmetic overflow.

Reported-by: syzbot+40b6085d020ae47a6997%syzkaller.appspotmail.com@localhost
https://syzkaller.appspot.com/bug?id=8fb9b5dee9b056e4f8ad3b937dc5be1296608c5f

diffstat:

 sys/kern/kern_ras.c |  9 ++++-----
 1 files changed, 4 insertions(+), 5 deletions(-)

diffs (37 lines):

diff -r c62ef1c0bb2d -r 1d0fc8a5aff0 sys/kern/kern_ras.c
--- a/sys/kern/kern_ras.c       Mon Aug 08 20:47:00 2022 +0000
+++ b/sys/kern/kern_ras.c       Mon Aug 08 22:31:45 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_ras.c,v 1.41 2022/08/03 09:40:25 riastradh Exp $  */
+/*     $NetBSD: kern_ras.c,v 1.42 2022/08/08 22:31:45 riastradh Exp $  */
 
 /*-
  * Copyright (c) 2002, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ras.c,v 1.41 2022/08/03 09:40:25 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ras.c,v 1.42 2022/08/08 22:31:45 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -218,16 +218,15 @@
 ras_purge(void *addr, size_t len)
 {
        struct ras *rp, **link;
-       void *endaddr;
        proc_t *p;
 
-       endaddr = (char *)addr + len;
        p = curproc;
 
        mutex_enter(&p->p_auxlock);
        link = &p->p_raslist;
        for (rp = *link; rp != NULL; link = &rp->ras_next, rp = *link) {
-               if (addr == rp->ras_startaddr && endaddr == rp->ras_endaddr)
+               if (addr == rp->ras_startaddr &&
+                   (char *)rp->ras_endaddr - (char *)rp->ras_startaddr == len)
                        break;
        }
        if (rp != NULL) {