Added 2 checks to mapping function - one for overflow (virtual address +

size wraparound), one to see if the size fits in the designated segment.

It seems this check wasn't done. This came to light when trying to pre-check
the users buffer for read() and write() in using the vectored virtual
copy system call in servers/fs/read.c.

kernel/system.c

@@ -315,6 +315,7 @@ vir_bytes bytes;		/* # of bytes to be copied */
   return 0;
 }
 
+
 /*===========================================================================*
  *				umap_local				     *
  *===========================================================================*/
@@ -341,6 +342,7 @@ vir_bytes bytes;		/* # of bytes to be copied */
    */
 
   if (bytes <= 0) return( (phys_bytes) 0);
+  if (vir_addr + bytes <= vir_addr) return 0;	/* overflow */
   vc = (vir_addr + bytes - 1) >> CLICK_SHIFT;	/* last click of data */
 
 #if (CHIP == INTEL) || (CHIP == M68000)
@@ -353,6 +355,10 @@ vir_bytes bytes;		/* # of bytes to be copied */
 
   if((vir_addr>>CLICK_SHIFT) >= rp->p_memmap[seg].mem_vir + 
   	rp->p_memmap[seg].mem_len) return( (phys_bytes) 0 );
+
+  if(vc >= rp->p_memmap[seg].mem_vir + 
+  	rp->p_memmap[seg].mem_len) return( (phys_bytes) 0 );
+
 #if (CHIP == INTEL)
   seg_base = (phys_bytes) rp->p_memmap[seg].mem_phys;
   seg_base = seg_base << CLICK_SHIFT;	/* segment origin in bytes */
@@ -369,7 +375,6 @@ vir_bytes bytes;		/* # of bytes to be copied */
 #endif
 }
 
-
 /*==========================================================================*
  *				numap_local				    *
  *==========================================================================*/