vm_map: Fix bugs on huge masks parameters

* vm/vm_map.c (vm_map_find_entry_anywhere): Also check that (min + mask) &
~mask remains bigger than min.

2 files changed, 5 insertions, 3 deletions

diff --git a/version.m4 b/version.m4
index d6696d62..a2a14602 100644
--- a/version.m4
+++ b/version.m4
@@ -1,4 +1,4 @@
 m4_define([AC_PACKAGE_NAME],[GNU Mach])
-m4_define([AC_PACKAGE_VERSION],[1.8])
+m4_define([AC_PACKAGE_VERSION],[1.8+git20180218])
 m4_define([AC_PACKAGE_BUGREPORT],[bug-hurd@gnu.org])
 m4_define([AC_PACKAGE_TARNAME],[gnumach])
diff --git a/vm/vm_map.c b/vm/vm_map.c
index 4da72d4e..2fd27316 100644
--- a/vm/vm_map.c
+++ b/vm/vm_map.c
@@ -685,7 +685,7 @@ restart:
 		start = (map->min_offset + mask) & ~mask;
 		end = start + size;
 
-		if ((end <= start) || (end > map->max_offset)) {
+		if ((start < map->min_offset) || (end <= start) || (end > map->max_offset)) {
 			goto error;
 		}
 
@@ -699,7 +699,8 @@ restart:
 		start = (entry->vme_end + mask) & ~mask;
 		end = start + size;
 
-		if ((end > start)
+		if ((start >= entry->vme_end)
+		    && (end > start)
 		    && (end <= map->max_offset)
 		    && (end <= (entry->vme_end + entry->gap_size))) {
 			*startp = start;
@@ -738,6 +739,7 @@ restart:
 
 	assert(entry->gap_size >= max_size);
 	start = (entry->vme_end + mask) & ~mask;
+	assert(start >= entry->vme_end);
 	end = start + size;
 	assert(end > start);
 	assert(end <= (entry->vme_end + entry->gap_size));