From f8a7a4285f588876aabe753c320e10ffdd76dab0 Mon Sep 17 00:00:00 2001
From: Max Wash <mbswash@gmail.com>
Date: Thu, 26 Feb 2026 20:55:17 +0000
Subject: [PATCH] syscall: msg: validate iovec array itself as well as the
 buffers it points to

---
 syscall/msg.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/syscall/msg.c b/syscall/msg.c
index 629cdcb..6536f94 100644
--- a/syscall/msg.c
+++ b/syscall/msg.c
@@ -165,6 +165,10 @@ static bool validate_iovec(
 	size_t count,
 	bool rw)
 {
+	if (!validate_access_r(task, iov, count * sizeof(struct iovec))) {
+		return false;
+	}
+
 	for (size_t i = 0; i < count; i++) {
 		bool ok = false;
 		const struct iovec *vec = &iov[i];