diff --git a/ipc/shm.c b/ipc/shm.c index 2b64b0d25bba4054493c4e3019de5342f95c5c1d..dda8f1ff3c352105f1e1549ac6e3971ef0425251 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -1160,6 +1160,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, down_write(¤t->mm->mmap_sem); if (addr && !(shmflg & SHM_REMAP)) { err = -EINVAL; + if (addr + size < addr) + goto invalid; + if (find_vma_intersection(current->mm, addr, addr + size)) goto invalid; /*