OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity

dm: fix possible buffer overflow in 'acrn_load_elf()' 

Will attempt to access element 2048..2049 of
  array "ptr32" if below conditions are both true:
  1) ptr32[i] == MULTIBOOT_HEAD_MAGIC
  2) (i == (ELF_BUF_LEN/4) - 1)

Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Fengwei Yin <fengwei.yin@intel.com>
This commit is contained in:
Yonghua Huang 2018-10-25 22:53:03 +08:00 committed by Xie, Nanlin
parent dc7df1cd0f
commit 8860af3b4c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
devicemodel/core/sw_load_elf.c
View File

@ -194,7 +194,7 @@ acrn_load_elf(struct vmctx *ctx, char *elf_file_name, unsigned long *entry,
* info prepared.
*/
ptr32 = (unsigned int *) elf_buf;
for (i = 0; i < ELF_BUF_LEN/4; i++) {
for (i = 0; i <= ((ELF_BUF_LEN/4) - 3); i++) {
if (ptr32[i] == MULTIBOOT_HEAD_MAGIC) {
int j = 0;
unsigned int sum = 0;