From ed25ee6761578241d096412628725a9b9638cee5 Mon Sep 17 00:00:00 2001
From: Max Wash
Date: Sat, 21 Feb 2026 11:07:12 +0000
Subject: [PATCH] vm: object: fix iterator using wrong buffer offset when seek exceeds current buffer size
---
 vm/vm-object.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/vm/vm-object.c b/vm/vm-object.c
index 4be48a7..c7e3c31 100644
--- a/vm/vm-object.c
+++ b/vm/vm-object.c
@@ -96,8 +96,12 @@ static kern_status_t object_iterator_seek(
 }
 if (it->it_pg) {
- it->it_buf = vm_page_get_vaddr(it->it_pg);
+ virt_addr_t vaddr = (virt_addr_t)vm_page_get_vaddr(it->it_pg);
+ vaddr += (it->it_offset & VM_PAGE_MASK);
+
+ it->it_buf = (void *)vaddr;
 it->it_max = vm_page_get_size_bytes(it->it_pg);
+ it->it_max -= (it->it_offset & VM_PAGE_MASK);
 } else {
 struct btree_node *n = btree_first(&it->it_obj->vo_pages);
 struct vm_page *pg
@@ -112,8 +116,9 @@ static kern_status_t object_iterator_seek(
 }
 it->it_buf = NULL;
- it->it_max = pg ? pg->p_vmo_offset
- : it->it_obj->vo_size - it->it_offset;
+ it->it_max
+ = pg ? pg->p_vmo_offset - (it->it_offset & VM_PAGE_MASK)
+ : it->it_obj->vo_size - it->it_offset;
 }
 return KERN_OK;
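Review bot: The in-page offset in the `if (it->it_pg)` branch is taken as `it->it_offset & VM_PAGE_MASK`, while the length comes from `vm_page_get_size_bytes(it->it_pg)`, which suggests a page may be larger than the base page size. If so, the mask yields only the offset within a base-sized slice, so `it_buf` points too early in the page and `it_max` overstates what is left. Both values bound later accesses through the iterator, so an error here turns into an out-of-range kernel read or write. Computing the offset once from the page's own start, `it->it_offset - it->it_pg->p_vmo_offset` (assuming `p_vmo_offset` is the page's offset within the object), and checking it is below `vm_page_get_size_bytes(it->it_pg)` before the subtraction would cover both assignments. The start of object_iterator_seek is outside the hunk, so whether `it_pg` is always base-sized cannot be confirmed from here.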
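Review bot: In the no-page branch the `pg` arm subtracts only `it->it_offset & VM_PAGE_MASK` from `pg->p_vmo_offset`, whereas the other arm subtracts the full `it->it_offset` from `vo_size`. If `p_vmo_offset` is an absolute offset within the object, the distance to the next populated page is `pg->p_vmo_offset - it->it_offset`. With the masked value, `it_max` overstates the hole for any seek past the first page (constructed example: offset 0x2010 with the next page at 0x5000 gives 0x4ff0 instead of 0x2ff0), and a consumer trusting it would run past the start of that page. I would write the arm as `= pg ? pg->p_vmo_offset - it->it_offset`. Both subtractions also wrap if the operands are unsigned and the left one is smaller; the loop that selects `pg` and any check of `it_offset` against `vo_size` lie outside the hunk, so confirm they guarantee `pg->p_vmo_offset >= it->it_offset` and `it_offset <= vo_size`.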