-
Andrew Morton authored
From: Julie DeWandel <jdewand@redhat.com> A problem exists where a 32-bit application can have a huge bss, one that is so large that an overflow of the TASK_SIZE happens. But in this case, the overflow is not detected in load_elf_binary(). Instead, because arithmetic is being done using 32-bit containers, a truncation occurs and the program gets loaded when it shouldn't have been. Subsequent execution yields unpredictable results. The attached patch fixes this problem by checking for the overflow condition and sending a SIGKILL to the application if the overflow is detected. This problem can in theory exist when loading the elf interpreter as well, so a similar check was added there.
9b2bc421