    [PATCH] binfmt_elf.c fix for 32-bit apps with large bss · 9b2bc421
    Andrew Morton authored
    From: Julie DeWandel <jdewand@redhat.com>
    
    A problem exists where a 32-bit application can have a huge bss, one that
    is so large that an overflow of the TASK_SIZE happens.  But in this case,
    the overflow is not detected in load_elf_binary().  Instead, because
    arithmetic is being done using 32-bit containers, a truncation occurs and
    the program gets loaded when it shouldn't have been.  Subsequent execution
    yields unpredictable results.
    
    The attached patch fixes this problem by checking for the overflow
    condition and sending a SIGKILL to the application if the overflow is
    detected.  This problem can in theory exist when loading the elf
    interpreter as well, so a similar check was added there.
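The truncation the commit message describes, shown as an added illustration in userspace C (this is not the kernel patch's code; `TASK_SIZE32`, `bss_end_unchecked` and `bss_end_checked` are assumed names and the 3 GB limit is an assumed value). The unchecked helper adds start and size in a 32-bit container, so a bss that runs past 2^32 wraps to a small address that passes a naive "below TASK_SIZE" compare; the checked helper compares the size against the remaining room instead of forming the sum, so wrap and plain out-of-range are both refused:

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed 32-bit user address-space limit for this illustration; the real
 * TASK_SIZE depends on architecture and kernel configuration. */
#define TASK_SIZE32 0xC0000000u

/* Unchecked: arithmetic done in a 32-bit container. If start + size passes
 * 2^32 the result is silently truncated and can look like a valid address. */
uint32_t bss_end_unchecked(uint32_t start, uint32_t size)
{
    return start + size;   /* may wrap around */
}

/* Checked: decide whether [start, start + size) fits below TASK_SIZE32
 * without ever computing an overflowing sum. Returns the end address, or
 * -1 when the layout must be refused (the loader would reject the binary). */
int64_t bss_end_checked(uint32_t start, uint32_t size)
{
    if (start > TASK_SIZE32)
        return -1;
    /* Equivalent to start + size > TASK_SIZE32, but cannot wrap. */
    if (size > TASK_SIZE32 - start)
        return -1;
    return (int64_t)start + size;
}

int main(void)
{
    /* Constructed sample: a segment near the top of the address space with a
     * bss large enough that start + size wraps to 0x00000000. */
    uint32_t start = 0xBFFF0000u;
    uint32_t size  = 0x40010000u;

    uint32_t naive = bss_end_unchecked(start, size);
    printf("unchecked end 0x%08x, passes naive limit check: %s\n",
           naive, naive < TASK_SIZE32 ? "yes (wrong)" : "no");
    printf("checked result: %lld\n", (long long)bss_end_checked(start, size));
    return 0;
}
```

The second check uses `TASK_SIZE32 - start`, which is safe because the first check guarantees `start <= TASK_SIZE32`; ordering the two comparisons the other way would reintroduce an unsigned wrap.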
binfmt_elf.c 41.6 KB