Improve range check to protect against overflow.

ok patrick@

diff --git a/sys/arch/arm64/dev/aplpmu.c b/sys/arch/arm64/dev/aplpmu.c
index b57d799..b77c3cd 100644 (file)
--- a/sys/arch/arm64/dev/aplpmu.c
+++ b/sys/arch/arm64/dev/aplpmu.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: aplpmu.c,v 1.6 2022/10/12 13:39:50 kettenis Exp $     */
+/*     $OpenBSD: aplpmu.c,v 1.7 2022/12/12 18:45:01 kettenis Exp $     */
 /*
  * Copyright (c) 2021 Mark Kettenis <kettenis@openbsd.org>
  *
@@ -212,7 +212,7 @@ aplpmu_nvmem_read(void *cookie, bus_addr_t addr, void *data, bus_size_t size)
        struct aplpmu_nvmem *an = cookie;
        struct aplpmu_softc *sc = an->an_sc;
 
-       if (addr >= an->an_size || addr + size > an->an_size)
+       if (addr >= an->an_size || size > an->an_size - addr)
                return EINVAL;
 
        return spmi_cmd_read(sc->sc_tag, sc->sc_sid, SPMI_CMD_EXT_READL,
@@ -226,7 +226,7 @@ aplpmu_nvmem_write(void *cookie, bus_addr_t addr, const void *data,
        struct aplpmu_nvmem *an = cookie;
        struct aplpmu_softc *sc = an->an_sc;
 
-       if (addr >= an->an_size || addr + size > an->an_size)
+       if (addr >= an->an_size || size > an->an_size - addr)
                return EINVAL;
 
        return spmi_cmd_write(sc->sc_tag, sc->sc_sid, SPMI_CMD_EXT_WRITEL,