Author: bonefish Date: 2010-06-21 16:28:07 +0200 (Mon, 21 Jun 2010) New Revision: 37192 Changeset: http://dev.haiku-os.org/changeset/37192/haiku Modified: haiku/trunk/src/system/kernel/arch/x86/paging/32bit/X86VMTranslationMap32Bit.cpp Log: UnmapPages(): Avoid potential integer overflow. Modified: haiku/trunk/src/system/kernel/arch/x86/paging/32bit/X86VMTranslationMap32Bit.cpp ===================================================================
--- haiku/trunk/src/system/kernel/arch/x86/paging/32bit/X86VMTranslationMap32Bit.cpp 2010-06-21 13:58:05 UTC (rev 37191)
+++ haiku/trunk/src/system/kernel/arch/x86/paging/32bit/X86VMTranslationMap32Bit.cpp 2010-06-21 14:28:07 UTC (rev 37192)
@@ -332,26 +332,27 @@
 X86VMTranslationMap32Bit::UnmapPages(VMArea* area, addr_t base, size_t size,
 bool updatePageQueue)
 {
- page_directory_entry* pd = fPagingStructures->pgdir_virt;
+ if (size == 0)
+ return;
 addr_t start = base;
- addr_t end = base + size;
+ addr_t end = base + size - 1;
 TRACE("X86VMTranslationMap32Bit::UnmapPages(%p, %#" B_PRIxADDR ", %#"
 B_PRIxADDR ")\n", area, start, end);
+ page_directory_entry* pd = fPagingStructures->pgdir_virt;
+
 VMAreaMappings queue;
 RecursiveLocker locker(fLock);
- while (start < end) {
+ do {
 int index = VADDR_TO_PDENT(start);
 if ((pd[index] & X86_PDE_PRESENT) == 0) {
 // no page table here, move the start up to access the next page
 // table
- start = ROUNDUP(start + 1, B_PAGE_SIZE * 1024);
- if (start == 0)
- break;
+ start = ROUNDUP(start + 1, kPageTableAlignment);
 continue;
 }
@@ -429,10 +430,8 @@
 Flush(); // flush explicitly, since we directly use the lock
+ } while (start != 0 && start < end);
- pinner.Unlock();
- }
-
 // TODO: As in UnmapPage() we can lose page dirty flags here. ATM it's not
 // really critical here, as in all cases this method is used, the unmapped
 // area range is unmapped for good (resized/cut) and the pages will likely
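Review bot: With the explicit `if (start == 0) break;` dropped from the missing-page-table branch, the wrap of `start` to 0 past the last page table is now caught only by the `start != 0 && start < end` condition of the do/while, which lives roughly seventy lines below in the second hunk, so a reader of this branch has to know that `continue` in a do/while jumps to that condition. I would make the reliance visible at the branch itself with a comment such as `// ROUNDUP() wraps to 0 past the last page table; the loop condition ends the loop in that case`. Separately, `end = base + size - 1` still wraps below `base` when the range runs past the top of the address space, and the do/while body would then run once against an `end` smaller than `start` before exiting silently; if callers are trusted to pass validated area ranges, a debug assertion such as `ASSERT(size - 1 <= ~base);` after the `size == 0` check would document that assumption cheaply. The body of UnmapPages() continues past the end of this hunk.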