From e27b77c6ec1ccd9d4fcf365657b8c69cb49aff41 Mon Sep 17 00:00:00 2001
From: Ruihan Li <lrh2000@pku.edu.cn>
Date: Tue, 13 Jan 2026 23:23:36 +0800
Subject: [PATCH] Fix checks for `VmarMapOptions::offset`

---
 kernel/src/process/process_vm/heap.rs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/kernel/src/process/process_vm/heap.rs b/kernel/src/process/process_vm/heap.rs
index 9d37c2bb4..0c2046207 100644
--- a/kernel/src/process/process_vm/heap.rs
+++ b/kernel/src/process/process_vm/heap.rs
@@ -8,7 +8,10 @@ use crate::{
     prelude::*,
     process::ResourceType,
     util::random::getrandom,
-    vm::{perms::VmPerms, vmar::Vmar},
+    vm::{
+        perms::VmPerms,
+        vmar::{VMAR_CAP_ADDR, Vmar},
+    },
 };
 
 #[derive(Debug)]
@@ -52,6 +55,10 @@ impl Heap {
         };
 
         let heap_start = heap_base.align_up(PAGE_SIZE) + nr_pages_padding * PAGE_SIZE;
+        let heap_end = heap_start + PAGE_SIZE;
+        if heap_end > VMAR_CAP_ADDR {
+            return_errno_with_message!(Errno::ENOMEM, "the mapping address is too large");
+        }
 
         let vmar_map_options = {
             let perms = VmPerms::READ | VmPerms::WRITE;
@@ -62,7 +69,7 @@ impl Heap {
         debug_assert!(inner.is_none());
         *inner = Some(HeapInner {
             data_segment_size,
-            heap_range: heap_start..heap_start + PAGE_SIZE,
+            heap_range: heap_start..heap_end,
         });
 
         Ok(())