[HUST CSE][lwp] reject wrapped user copy ranges

[Telecaster2147]

拉取/合并请求描述：(PR description)

[

为什么提交这份PR (why to submit this PR)

lwp_get_from_user() 和 lwp_put_to_user() 在校验用户缓冲区尾地址时，直接使用了 addr + size。当 size 足够大时，这个加法可能发生回绕，可能导致越界范围被错误地判断为合法用户地址区间。

你的解决方案是什么 (what is your solution)

直接将用户地址范围检查统一到 lwp_user_range_is_valid()函数，并在检查中显式拒绝以下情况：

• addr == RT_NULL
• 起始地址落在用户地址空间之外
• addr + size 发生整数回绕
• 结束地址越过 USER_VADDR_TOP

lwp_get_from_user和 lwp_put_to_user()均复用该检查逻辑，非法范围继续返回 0

请提供验证的bsp和config (provide the config and bsp)

• BSP: bsp/qemu-vexpress-a9

• .config: 使用 bsp/qemu-vexpress-a9/.config进行基础编译验证，不引入新的功能配置项。

• action: https://github.com/Telecaster2147/rt-thread/actions/runs/23440597624

]

当前拉取/合并请求的状态 Intent for your PR

必须选择一项 Choose one (Mandatory):

• 本拉取/合并请求是一个草稿版本 This PR is for a code-review and is intended to get feedback
• 本拉取/合并请求是一个成熟版本 This PR is mature, and ready to be integrated into the repo

代码质量 Code Quality：

我在这个拉取/合并请求中已经考虑了 As part of this pull request, I've considered the following:

• 已经仔细查看过代码改动的对比 Already check the difference between PR and old code
• 代码风格正确，包括缩进空格，命名及其他风格 Style guide is adhered to, including spacing, naming and other styles
• 没有垃圾代码，代码尽量精简，不包含#if 0代码，不包含已经被注释了的代码 All redundant code is removed and cleaned up
• 所有变更均有原因及合理的，并且不会影响到其他软件组件代码或BSP All modifications are justified and not affect other components or BSP
• 对难懂代码均提供对应的注释 I've commented appropriately where code is tricky
• 代码是高质量的 Code in this PR is of high quality
• 已经使用formatting 等源码格式化工具确保格式符合RT-Thread代码规范 This PR complies with RT-Thread code specification
• 如果是新增bsp, 已经添加ci检查到.github/ALL_BSP_COMPILE.json 详细请参考链接BSP自查

[github-actions]

👋 感谢您对 RT-Thread 的贡献！Thank you for your contribution to RT-Thread!

为确保代码符合 RT-Thread 的编码规范，请在你的仓库中执行以下步骤运行代码格式化工作流（如果格式化CI运行失败）。
To ensure your code complies with RT-Thread's coding style, please run the code formatting workflow by following the steps below (If the formatting of CI fails to run).

---

🛠 操作步骤 | Steps

1. 前往 Actions 页面 | Go to the Actions page
   点击进入工作流 → | Click to open workflow →

2. 点击 Run workflow | Click Run workflow

• 设置需排除的文件/目录（目录请以"/"结尾）
  Set files/directories to exclude (directories should end with "/")
• 将目标分支设置为 \ Set the target branch to：security/lwp-user-copy-overflow
• 设置PR number为 \ Set the PR number to：11291

3. 等待工作流完成 | Wait for the workflow to complete
   格式化后的代码将自动推送至你的分支。
   The formatted code will be automatically pushed to your branch.

完成后，提交将自动更新至 security/lwp-user-copy-overflow 分支，关联的 Pull Request 也会同步更新。
Once completed, commits will be pushed to the security/lwp-user-copy-overflow branch automatically, and the related Pull Request will be updated.

如有问题欢迎联系我们，再次感谢您的贡献！💐
If you have any questions, feel free to reach out. Thanks again for your contribution!

[github-actions]

📌 Code Review Assignment

🏷️ Tag: components

Reviewers: @Maihuanyi

Changed Files (Click to expand)

• components/lwp/lwp_user_mm.c

🏷️ Tag: components_lwp

Reviewers: @xu18838022837

Changed Files (Click to expand)

• components/lwp/lwp_user_mm.c

---

📊 Current Review Status (Last Updated: 2026-03-23 21:42 CST)

• ⌛ @Maihuanyi Pending Review
• ⌛ @xu18838022837 Pending Review

---

📝 Review Instructions

1. 维护者可以通过单击此处来刷新审查状态: 🔄 刷新状态
   Maintainers can refresh the review status by clicking here: 🔄 Refresh Status

2. 确认审核通过后评论 LGTM/lgtm
   Comment LGTM/lgtm after confirming approval

3. PR合并前需至少一位维护者确认
   PR must be confirmed by at least one maintainer before merging

ℹ️ 刷新CI状态操作需要具备仓库写入权限。
ℹ️ Refresh CI status operation requires repository Write permission.

[CLAassistant]

All committers have signed the CLA.