[PATCH] m32r: test before subtraction on unsigned relocation range
From: Roel Kluin
Date: Wed Apr 23 2008 - 12:34:28 EST
relocation is unsigned
Signed-off-by: Roel Kluin <12o3l@xxxxxxxxxx>
---
diff --git a/arch/m32r/kernel/module.c b/arch/m32r/kernel/module.c
index 8d42057..abecedf 100644
--- a/arch/m32r/kernel/module.c
+++ b/arch/m32r/kernel/module.c
@@ -171,13 +171,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
COPY_UNALIGNED_WORD (value, *location, align);
break;
case R_M32R_18_PCREL_RELA:
- relocation = (relocation - (Elf32_Addr) location);
- if (relocation < -0x20000 || 0x1fffc < relocation)
+ if (relocation + 0x20000 < (Elf32_Addr) location ||
+ relocation >= 0x1fffc + (Elf32_Addr) location)
{
printk(KERN_ERR "module %s: relocation overflow: %u\n",
- me->name, relocation);
+ me->name, relocation - (Elf32_Addr) location));
return -ENOEXEC;
}
+ relocation = (relocation - (Elf32_Addr) location);
COPY_UNALIGNED_WORD (*location, value, align);
if (value & 0xffff)
{
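Review bot: The new printk argument `me->name, relocation - (Elf32_Addr) location));` has one closing parenthesis too many, so the file will not compile; the same line appears in the R_M32R_26_PCREL_RELA hunk. The rewritten range test also moves the wrap-around rather than removing it: `relocation + 0x20000` and `0x1fffc + (Elf32_Addr) location` are unsigned additions, so a module placed near the top of the address space could have a valid displacement rejected. In addition, `>=` now refuses a displacement of exactly 0x1fffc, which the old `0x1fffc < relocation` accepted. Comparing a signed displacement avoids both problems: `Elf32_Sword disp = (Elf32_Sword)(relocation - (Elf32_Addr) location);` followed by `if (disp < -0x20000 || disp > 0x1fffc)`, printed with `%d`. The switch body continues outside the hunk, so how `relocation` is used afterwards is not visible here.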
@@ -203,13 +204,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
COPY_UNALIGNED_HWORD (hvalue, *hlocation, align);
break;
case R_M32R_26_PCREL_RELA:
- relocation = (relocation - (Elf32_Addr) location);
- if (relocation < -0x2000000 || 0x1fffffc < relocation)
+ if (relocation + 0x20000 < (Elf32_Addr) location ||
+ relocation >= 0x1fffc + (Elf32_Addr) location)
{
printk(KERN_ERR "module %s: relocation overflow: %u\n",
- me->name, relocation);
+ me->name, relocation - (Elf32_Addr) location));
return -ENOEXEC;
}
+ relocation = (relocation - (Elf32_Addr) location);
COPY_UNALIGNED_WORD (*location, value, align);
if (value & 0xffffff)
{
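Review bot: The R_M32R_26_PCREL_RELA test reuses the 18-bit limits `0x20000` and `0x1fffc`, whereas the removed lines bounded this case by `-0x2000000` and `0x1fffffc`. As written, any 26-bit PC-relative relocation farther than about 128 KiB from `location` is refused with -ENOEXEC, so modules that loaded before would stop loading. This looks like a copy from the 18-bit case; the limits should presumably stay at the 26-bit values, e.g. `if (disp < -0x2000000 || disp > 0x1fffffc)` on a signed displacement. The case body continues outside the hunk.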