elf: fix NT_FILE integer overflow (60c9d92f) · Commits · Mirrors / github.com / raspberrypi_linux

Commit 60c9d92f authored Feb 06, 2018 by

Alexey Dobriyan Committed by Linus Torvalds Feb 06, 2018

elf: fix NT_FILE integer overflow

If vm.max_map_count bumped above 2^26 (67+ mil) and system has enough RAM
to allocate all the VMAs (~12.8 GB on Fedora 27 with 200-byte VMAs), then
it should be possible to overflow 32-bit "size", pass paranoia check,
allocate very little vmalloc space and oops while writing into vmalloc
guard page...

But I didn't test this, only coredump of regular process.

Link: http://lkml.kernel.org/r/20180112203427.GA9109@avx2


Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 2d453e3b

Hide whitespace changes

Inline Side-by-side

Please register or to comment