:: commit 5156d1bd515e3d40dd6774da53459da00f61e669

Mintsuki <mintsuki@protonmail.com> — 2026-04-02 18:20

parents: a758e57880

protos/multiboot: Check for overflow in load_size + bss_size

diff --git a/common/protos/multiboot1.c b/common/protos/multiboot1.c
index 06f761d6..eed18d81 100644
--- a/common/protos/multiboot1.c
+++ b/common/protos/multiboot1.c
@@ -144,7 +144,8 @@ noreturn void multiboot1_load(char *config, char *cmdline) {
             panic(true, "multiboot1: load_src + load_size exceeds kernel file size");
         }
 
-        size_t full_size = load_size + bss_size;
+        size_t full_size = CHECKED_ADD(load_size, bss_size,
+            panic(true, "multiboot1: load_size + bss_size overflow"));
 
         void *elsewhere = ext_mem_alloc(full_size);
 
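Review bot: The new `CHECKED_ADD` in `multiboot1_load` carries no comment saying why a wrapped sum matters at this point: `full_size` is the size handed to `ext_mem_alloc()` on the next line, and an unsigned sum that wraps is smaller than either operand, so the buffer would be shorter than the `load_size` bytes that were just bounds-checked against the kernel file size. I would add `/* load_size and bss_size are derived from the kernel image, which is untrusted; a wrapped sum would under-size the allocation below. */` above the assignment, assuming both values do come from the image header (their computation is outside the hunk). The same comment applies to the identical change in `multiboot2_load` in `common/protos/multiboot2.c`. Both function bodies start and end outside the hunks, so how `elsewhere` is filled afterwards is not visible here.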
diff --git a/common/protos/multiboot2.c b/common/protos/multiboot2.c
index 8ac00741..088f095e 100644
--- a/common/protos/multiboot2.c
+++ b/common/protos/multiboot2.c
@@ -337,7 +337,8 @@ noreturn void multiboot2_load(char *config, char* cmdline) {
             panic(true, "multiboot2: load_src + load_size exceeds kernel file size");
         }
 
-        size_t full_size = load_size + bss_size;
+        size_t full_size = CHECKED_ADD(load_size, bss_size,
+            panic(true, "multiboot2: load_size + bss_size overflow"));
 
         void *elsewhere = ext_mem_alloc(full_size);
 