From 0fe0ed8bf88b8aed13fc4533e97b94d2919ac6d5 Mon Sep 17 00:00:00 2001
From: John Baldwin
Date: Tue, 14 Jul 2009 19:45:36 +0000
Subject: [PATCH] - Change mmap() to fail requests with EINVAL that pass a length of 0. This behavior is mandated by POSIX. - Do not fail requests that pass a length greater than SSIZE_MAX (such as > 2GB on 32-bit platforms). The 'len' parameter is actually an unsigned 'size_t' so negative values don't really make sense.
Submitted by: Alexander Best alexbestms at math.uni-muenster.de
Reviewed by: alc
Approved by: re (kib)
MFC after: 1 week
---
 lib/libc/sys/mmap.2 | 4 ++--
 sys/vm/vm_mmap.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/libc/sys/mmap.2 b/lib/libc/sys/mmap.2
index 196d6aef77c..91bf4e950af 100644
--- a/lib/libc/sys/mmap.2
+++ b/lib/libc/sys/mmap.2
@@ -28,7 +28,7 @@
 .\" @(#)mmap.2 8.4 (Berkeley) 5/11/95
 .\" $FreeBSD$
 .\"
-.Dd October 24, 2008
+.Dd July 14, 2009
 .Dt MMAP 2
 .Os
 .Sh NAME
@@ -306,7 +306,7 @@ resides out of the valid address space for a user process.
 The
 .Fa len
 argument
-was negative.
+was equal to zero.
 .It Bq Er EINVAL
 .Dv MAP_ANON
 was specified and the
diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
index cc7a0f42c04..2b99e3653df 100644
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@@ -229,7 +229,7 @@ mmap(td, uap)
 fp = NULL;
 /* make sure mapping fits into numeric range etc */
- if ((ssize_t) uap->len < 0 ||
+ if (uap->len == 0 ||
 ((flags & MAP_ANON) && uap->fd != -1))
 return (EINVAL);
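Review bot: With the `(ssize_t) uap->len < 0` test dropped in the vm_mmap.c hunk, this guard no longer bounds `uap->len` from above, yet the comment above it still reads "make sure mapping fits into numeric range etc". The rest of mmap() lies outside the hunk, so it cannot be confirmed here that the later page rounding and any address-plus-size arithmetic reject a length close to SIZE_MAX rather than wrapping to a small or zero size. If they do not, a wrap check after rounding is needed, along the lines of `if (round_page(uap->len) < uap->len) return (ENOMEM);`. The comment should also be updated to describe what is now checked, e.g. `/* POSIX: reject zero-length requests; MAP_ANON requires fd == -1 */`.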