jory/upx
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

sys_size is only 16 bits and can wrap around

Browse Source 
committer: jreiser <jreiser> 977374512 +0000
This commit is contained in:
John Reiser 2000-12-21 04:55:12 +00:00
parent adcb357242
commit 1dcaedab30
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/p_vmlinz.cpp
View File

@ -95,7 +95,8 @@ int PackVmlinuzI386::readFileHeader()
setup_size = (1 + (h.setup_sects ? h.setup_sects : 4)) * 0x200; setup_size = (1 + (h.setup_sects ? h.setup_sects : 4)) * 0x200;
if (setup_size <= 0 || setup_size >= file_size) if (setup_size <= 0 || setup_size >= file_size)
return -1; return -1;
if (setup_size + 16 * h.sys_size != (unsigned) ALIGN_UP(file_size, 16)) if (setup_size + 16 * h.sys_size // beware 16-bit sys_size
!= (~(~0u<<20) & (unsigned) ALIGN_UP(file_size, 16)) )
return -1; return -1;
// FIXME: add more checks for a valid kernel // FIXME: add more checks for a valid kernel