diff options
| -rw-r--r-- | fs/romfs/mmap-nommu.c | 8 | 
1 files changed, 6 insertions, 2 deletions
| diff --git a/fs/romfs/mmap-nommu.c b/fs/romfs/mmap-nommu.c index f0511e81696..eed99428f10 100644 --- a/fs/romfs/mmap-nommu.c +++ b/fs/romfs/mmap-nommu.c @@ -27,14 +27,18 @@ static unsigned long romfs_get_unmapped_area(struct file *file,  {  	struct inode *inode = file->f_mapping->host;  	struct mtd_info *mtd = inode->i_sb->s_mtd; -	unsigned long isize, offset; +	unsigned long isize, offset, maxpages, lpages;  	if (!mtd)  		goto cant_map_directly; +	/* the mapping mustn't extend beyond the EOF */ +	lpages = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;  	isize = i_size_read(inode);  	offset = pgoff << PAGE_SHIFT; -	if (offset > isize || len > isize || offset > isize - len) + +	maxpages = (isize + PAGE_SIZE - 1) >> PAGE_SHIFT; +	if ((pgoff >= maxpages) || (maxpages - pgoff < lpages))  		return (unsigned long) -EINVAL;  	/* we need to call down to the MTD layer to do the actual mapping */ | 
