From 2ecc7612c30613f985e2ba9049e390002ac3e2ca Mon Sep 17 00:00:00 2001
From: Bahadir Balban
Date: Fri, 14 Mar 2008 15:36:25 +0000
Subject: [PATCH] Fixed the error that file length was referenced without checking that the file pointer was valid.
---
 tasks/mm0/src/mmap.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tasks/mm0/src/mmap.c b/tasks/mm0/src/mmap.c
index ef93ab4..49a1ce8 100644
--- a/tasks/mm0/src/mmap.c
+++ b/tasks/mm0/src/mmap.c
@@ -454,17 +454,22 @@ unsigned long find_unmapped_area(unsigned long npages, struct tcb *task)
 int do_mmap(struct vm_file *mapfile, unsigned long file_offset, struct tcb *task, unsigned long map_address, unsigned int flags, unsigned int npages)
 {
- unsigned long file_npages = __pfn(page_align_up(mapfile->length));
+ unsigned long file_npages;
 unsigned long map_pfn = __pfn(map_address);
 struct vm_area *new, *mapped;
+ /* Set up devzero if none given */
 if (!mapfile) {
 if (flags & VMA_ANONYMOUS) {
 mapfile = get_devzero();
 file_offset = 0;
 } else BUG();
- } else if (npages > file_npages - file_offset) {
+ }
+
+ /* Get total file pages, check if mappin is within file size */
+ file_npages = __pfn(page_align_up(mapfile->length));
+ if (npages > file_npages - file_offset) {
 printf("%s: Trying to map %d pages from page %d, " "but file length is %d\n", __FUNCTION__, npages, file_offset, file_npages);
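Review bot: The range check `npages > file_npages - file_offset` subtracts two `unsigned long` values, so a `file_offset` larger than `file_npages` wraps to a very large number and the check passes for a mapping that starts past the end of the file. Guard the subtraction first, e.g. `if (file_offset > file_npages || npages > file_npages - file_offset) {`. Because the check has moved out of the `else` branch, it now also runs for anonymous mappings against whatever length `get_devzero()` reports, and `mapfile->length` is read without checking that `get_devzero()` returned a non-NULL file. Both are worth confirming, since `get_devzero()` is not visible here. The body of `do_mmap` continues past the end of this hunk.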