:: commit fa58882297a69959f7de2635272c5e6c3cf628c4
protos/multiboot: Validate load_size against kernel file size
diff --git a/common/protos/multiboot1.c b/common/protos/multiboot1.c
index 78fa207a..b80d92ce 100644
--- a/common/protos/multiboot1.c
+++ b/common/protos/multiboot1.c
@@ -134,6 +134,10 @@ noreturn void multiboot1_load(char *config, char *cmdline) {
bss_size = header.bss_end_addr - bss_addr;
}
+ if (load_src + load_size > kernel_file_size) {
+ panic(true, "multiboot1: load_src + load_size exceeds kernel file size");
+ }
+
size_t full_size = load_size + bss_size;
void *elsewhere = ext_mem_alloc(full_size);
diff --git a/common/protos/multiboot2.c b/common/protos/multiboot2.c
index 80cc9f7b..ed7930ac 100644
--- a/common/protos/multiboot2.c
+++ b/common/protos/multiboot2.c
@@ -303,6 +303,10 @@ noreturn void multiboot2_load(char *config, char* cmdline) {
bss_size = addresstag->bss_end_addr - bss_addr;
}
+ if (load_src + load_size > kernel_file_size) {
+ panic(true, "multiboot2: load_src + load_size exceeds kernel file size");
+ }
+
size_t full_size = load_size + bss_size;
void *elsewhere = ext_mem_alloc(full_size);
