Fix potential integer overflow in SGX memory range calculation.

[rust.git] / src / libstd / sys / sgx / abi / mem.rs

diff --git a/src/libstd/sys/sgx/abi/mem.rs b/src/libstd/sys/sgx/abi/mem.rs
index 09552d5b4af295b1d6c29ca2570980f4c8d3ee27..d9051733da24dace89662b70f3fd479bdfbfc1a8 100644 (file)
--- a/src/libstd/sys/sgx/abi/mem.rs
+++ b/src/libstd/sys/sgx/abi/mem.rs
@@ -17,27 +17,33 @@ pub(crate) unsafe fn rel_ptr_mut<T>(offset: u64) -> *mut T {
 // Do not remove inline: will result in relocation failure
 // For the same reason we use inline ASM here instead of an extern static to
 // locate the base
+/// Returns address at which current enclave is loaded.
 #[inline(always)]
-fn image_base() -> u64 {
+#[unstable(feature = "sgx_platform", issue = "56975")]
+pub fn image_base() -> u64 {
     let base;
     unsafe { asm!("lea IMAGE_BASE(%rip),$0":"=r"(base)) };
     base
 }
 
 /// Returns `true` if the specified memory range is in the enclave.
+///
+/// `p + len` must not overflow.
 #[unstable(feature = "sgx_platform", issue = "56975")]
 pub fn is_enclave_range(p: *const u8, len: usize) -> bool {
-    let start=p as u64;
-    let end=start + (len as u64);
+    let start = p as u64;
+    let end = start + (len as u64);
     start >= image_base() &&
         end <= image_base() + (unsafe { ENCLAVE_SIZE } as u64) // unsafe ok: link-time constant
 }
 
 /// Returns `true` if the specified memory range is in userspace.
+///
+/// `p + len` must not overflow.
 #[unstable(feature = "sgx_platform", issue = "56975")]
 pub fn is_user_range(p: *const u8, len: usize) -> bool {
-    let start=p as u64;
-    let end=start + (len as u64);
+    let start = p as u64;
+    let end = start + (len as u64);
     end <= image_base() ||
         start >= image_base() + (unsafe { ENCLAVE_SIZE } as u64) // unsafe ok: link-time constant
 }