sys_size is only 16 bits and can wrap around

committer: jreiser <jreiser> 977374512 +0000
2000-12-21 04:55:12 +00:00 · 2000-12-21 04:55:12 +00:00 · 1dcaedab30
commit 1dcaedab30
parent adcb357242
1 changed files with 2 additions and 1 deletions
--- a/src/p_vmlinz.cpp
+++ b/src/p_vmlinz.cpp
@ -95,7 +95,8 @@ int PackVmlinuzI386::readFileHeader()
    setup_size = (1 + (h.setup_sects ? h.setup_sects : 4)) * 0x200;
    if (setup_size <= 0 || setup_size >= file_size)
        return -1;
-    if (setup_size + 16 * h.sys_size != (unsigned) ALIGN_UP(file_size, 16))
+    if (setup_size + 16 * h.sys_size  // beware 16-bit sys_size
+    != (~(~0u<<20) & (unsigned) ALIGN_UP(file_size, 16)) )
        return -1;

    // FIXME: add more checks for a valid kernel