From a982855f7e424275c06e3a0221985ecf47ceda26 Mon Sep 17 00:00:00 2001
From: bouyer <bouyer@NetBSD.org>
Date: Wed, 16 Mar 2005 14:52:29 +0000
Subject: [PATCH] Sync with i386/locore.S 1.33: Check the passed in address as
 well as determining the maximum length using VM_MAXUSER_ADDRESS in copyinstr
 and copyoutstr.

Problem originally fixed in OpenBSD/i386.
This fix suggested by Charles Hannum (mycroft at netbsd dot org).
---
 sys/arch/xen/i386/locore.S | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/arch/xen/i386/locore.S b/sys/arch/xen/i386/locore.S
index 5f6b961a8f96..35a2ed5894e2 100644
--- a/sys/arch/xen/i386/locore.S
+++ b/sys/arch/xen/i386/locore.S
@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.9 2005/03/09 22:39:20 bouyer Exp $	*/
+/*	$NetBSD: locore.S,v 1.10 2005/03/16 14:52:29 bouyer Exp $	*/
 /*	NetBSD: locore.S,v 1.31 2004/08/26 10:12:33 junyoung Exp	*/
 
 /*-
@@ -929,6 +929,7 @@ ENTRY(copyoutstr)
 	 */
 	movl	$VM_MAXUSER_ADDRESS,%eax
 	subl	%edi,%eax
+	jc	_C_LABEL(copystr_efault)
 	cmpl	%edx,%eax
 	jae	1f
 	movl	%eax,%edx
@@ -983,6 +984,7 @@ ENTRY(copyinstr)
 	 */
 	movl	$VM_MAXUSER_ADDRESS,%eax
 	subl	%esi,%eax
+	jc	_C_LABEL(copystr_efault)
 	cmpl	%edx,%eax
 	jae	1f
 	movl	%eax,%edx