From f0108a7c6131daa0dc2d898b05d9012f1ea3f945 Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Tue, 27 Sep 2011 15:27:55 +0200 Subject: fix copy out-of-line data when length >= 512MB * ipc/ipc_kmsg.c (ipc_kmsg_copyin_body): Change length type to unsigned64_t. Cast number to unsigned64_t. (ipc_kmsg_copyout_body): Likewise. --- ipc/ipc_kmsg.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'ipc/ipc_kmsg.c') diff --git a/ipc/ipc_kmsg.c b/ipc/ipc_kmsg.c index a12c947..c2689a4 100644 --- a/ipc/ipc_kmsg.c +++ b/ipc/ipc_kmsg.c @@ -1368,7 +1368,7 @@ ipc_kmsg_copyin_body(kmsg, space, map) mach_msg_type_number_t number; boolean_t is_inline, longform, dealloc, is_port; vm_offset_t data; - vm_size_t length; + unsigned64_t length; kern_return_t kr; type = (mach_msg_type_long_t *) saddr; @@ -1419,7 +1419,7 @@ ipc_kmsg_copyin_body(kmsg, space, map) /* calculate length of data in bytes, rounding up */ - length = ((number * size) + 7) >> 3; + length = (((unsigned64_t) number * size) + 7) >> 3; if (is_inline) { vm_size_t amount; @@ -2382,7 +2382,7 @@ ipc_kmsg_copyout_body(saddr, eaddr, space, map) mach_msg_type_size_t size; mach_msg_type_number_t number; boolean_t is_inline, longform, is_port; - vm_size_t length; + unsigned64_t length; vm_offset_t addr; type = (mach_msg_type_long_t *) saddr; @@ -2413,7 +2413,7 @@ ipc_kmsg_copyout_body(saddr, eaddr, space, map) /* calculate length of data in bytes, rounding up */ - length = ((number * size) + 7) >> 3; + length = (((unsigned64_t) number * size) + 7) >> 3; is_port = MACH_MSG_TYPE_PORT_ANY(name); -- cgit v1.2.3