fs/binfmt_elf.c: don't be afraid of overflow
Number of ELF program headers is 16-bit by spec, so total size comfortably fits into "unsigned int". Space savings: 7 bytes! add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-7 (-7) Function old new delta load_elf_phdrs 137 130 -7 Link: http://lkml.kernel.org/r/20190204202715.GA27482@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
a218cc4914
commit
faf1c31520
|
@ -418,8 +418,9 @@ static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
|
||||||
struct file *elf_file)
|
struct file *elf_file)
|
||||||
{
|
{
|
||||||
struct elf_phdr *elf_phdata = NULL;
|
struct elf_phdr *elf_phdata = NULL;
|
||||||
int retval, size, err = -1;
|
int retval, err = -1;
|
||||||
loff_t pos = elf_ex->e_phoff;
|
loff_t pos = elf_ex->e_phoff;
|
||||||
|
unsigned int size;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If the size of this structure has changed, then punt, since
|
* If the size of this structure has changed, then punt, since
|
||||||
|
@ -429,13 +430,9 @@ static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
/* Sanity check the number of program headers... */
|
/* Sanity check the number of program headers... */
|
||||||
if (elf_ex->e_phnum < 1 ||
|
|
||||||
elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
/* ...and their total size. */
|
/* ...and their total size. */
|
||||||
size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
|
size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
|
||||||
if (size > ELF_MIN_ALIGN)
|
if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
elf_phdata = kmalloc(size, GFP_KERNEL);
|
elf_phdata = kmalloc(size, GFP_KERNEL);
|
||||||
|
|
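Review bot: The single check `if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)` is only sound if `sizeof(struct elf_phdr) * elf_ex->e_phnum` cannot wrap `unsigned int` before it is tested, and that invariant (a 16-bit `e_phnum`) is stated in the commit message but nowhere in the code. With the explicit count check removed, the comment `/* Sanity check the number of program headers... */` appears to be left on the new side with no code under it. I would fold the two comments into one that records the assumption, for example `/* Sanity check the number of program headers and their total size; e_phnum is 16-bit, so the product cannot wrap unsigned int. */`. If the field's type is ever widened, the multiplication could wrap to a small non-zero value that passes this test and undersizes the `kmalloc()` buffer, so the comment is worth having next to the check. The body of `load_elf_phdrs` continues past the hunk, so the later uses of `size` are not visible here.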