From 98c1cf73ffec377a612930f08ced0e527414bc03 Mon Sep 17 00:00:00 2001
From: Anton Kling
Date: Thu, 2 May 2024 22:30:02 +0200
Subject: Bug: Kernel: Bounds check array access
---
 kernel/arch/i386/mmu.c | 3 +++
 1 file changed, 3 insertions(+)
 (limited to 'kernel/arch')
diff --git a/kernel/arch/i386/mmu.c b/kernel/arch/i386/mmu.c
index bdb4bd6..8d1f9af 100644
--- a/kernel/arch/i386/mmu.c
+++ b/kernel/arch/i386/mmu.c
@@ -157,6 +157,9 @@ int get_free_frame(u32 *frame) {
 int write_to_frame(u32 frame_address, u8 on) {
   u32 frame = frame_address / 0x1000;
+  if (INDEX_FROM_BIT(frame) >= num_array_frames) {
+    return 0;
+  }
   if (on) {
     int frame_is_used = (0 != (tmp_small_frames[INDEX_FROM_BIT(frame)] & ((u32)0x1 << OFFSET_FROM_BIT(frame))));
-- 
cgit v1.2.3
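Review bot: The new guard returns 0 for an out-of-range frame, but nothing in the hunk shows that 0 is write_to_frame's error value, so a caller asking to mark a frame as used may get a silent no-op that looks like a normal return; confirm the return contract and, if 0 is not already the failure code, return a distinct value or at least document the refusal, e.g. `return 0; /* frame index outside tmp_small_frames: refuse rather than write OOB */`. The comparison `INDEX_FROM_BIT(frame) >= num_array_frames` only protects the array if num_array_frames is the element count of tmp_small_frames (words, not bits); its declaration is outside the hunk, so that should be verified, since a bit count would leave the check off by the word width. Note also that the divide by 0x1000 silently rounds an unaligned frame_address down, so an unaligned address is accepted rather than rejected, which may or may not be intended. write_to_frame continues past the end of the hunk, and any other readers of tmp_small_frames (such as get_free_frame, named in the hunk header) are not covered by this check.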