From: Prasad J Pandit <p...@fedoraproject.org>
While loading kernel via multiboot-v1 image, (flags & 0x00010000)
indicates that multiboot header contains valid addresses to load
the kernel image. In that, end of the data segment address
'mh_load_end_addr' should be less than the bss segment address
'mh_bss_end_addr'. Add check to validate that.
Reported-by: CERT CC <cert...@orange.com>
Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
---
hw/i386/multiboot.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
index 46d9c68bf5..d16e32bf4a 100644
--- a/hw/i386/multiboot.c
+++ b/hw/i386/multiboot.c
@@ -227,6 +227,10 @@ int load_multiboot(FWCfgState *fw_cfg,
fprintf(stderr, "invalid mh_load_addr address\n");
exit(1);
}
+ if (mh_load_end_addr > mh_bss_end_addr) {
+ fprintf(stderr, "invalid mh_load_end_addr address\n");
+ exit(1);
+ }
uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
uint32_t mb_load_size = 0;
--
2.14.3
