From patchwork Mon Dec 23 19:43:30 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aaro Koskinen <aaro.koskinen@iki.fi>
X-Patchwork-Id: 304841
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <sparclinux-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id AF2C02C00A8
	for <patchwork-incoming@ozlabs.org>;
	Tue, 24 Dec 2013 06:44:02 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757621Ab3LWTn6 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Mon, 23 Dec 2013 14:43:58 -0500
Received: from filtteri1.pp.htv.fi ([213.243.153.184]:48397 "EHLO
	filtteri1.pp.htv.fi" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1757774Ab3LWTny (ORCPT
	<rfc822; sparclinux@vger.kernel.org>); Mon, 23 Dec 2013 14:43:54 -0500
Received: from localhost (localhost [127.0.0.1])
	by filtteri1.pp.htv.fi (Postfix) with ESMTP id D371621B848;
	Mon, 23 Dec 2013 21:43:52 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from smtp5.welho.com ([213.243.153.39])
	by localhost (filtteri1.pp.htv.fi [213.243.153.184]) (amavisd-new,
	port 10024)
	with ESMTP id WRYa8-z+ZV6a; Mon, 23 Dec 2013 21:43:48 +0200 (EET)
Received: from blackmetal.bb.dnainternet.fi (91-145-91-118.bb.dnainternet.fi
	[91.145.91.118])
	by smtp5.welho.com (Postfix) with ESMTP id A8A235BC00E;
	Mon, 23 Dec 2013 21:43:47 +0200 (EET)
From: Aaro Koskinen <aaro.koskinen@iki.fi>
To: sparclinux@vger.kernel.org
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Subject: [PATCH v2 08/11] tilo: check kernel space limits
Date: Mon, 23 Dec 2013 21:43:30 +0200
Message-Id: <1387827813-8279-9-git-send-email-aaro.koskinen@iki.fi>
X-Mailer: git-send-email 1.8.5.1
In-Reply-To: <1387827813-8279-1-git-send-email-aaro.koskinen@iki.fi>
References: <1387827813-8279-1-git-send-email-aaro.koskinen@iki.fi>
Sender: sparclinux-owner@vger.kernel.org
Precedence: bulk
List-ID: <sparclinux.vger.kernel.org>
X-Mailing-List: sparclinux@vger.kernel.org

Sanity check the space available for kernel decompression.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
---
 tilo/tilo.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/tilo/tilo.c b/tilo/tilo.c
index afbd848d9814..dc626efc7b02 100644
--- a/tilo/tilo.c
+++ b/tilo/tilo.c
@@ -175,6 +175,7 @@ char *my_main (struct linux_romvec *promvec, void *cifh, void *cifs)
 char *orig_code,*moved_code,*moved_ramdisk,*moved_kernel,*kernel_base;
 unsigned *p,*q = NULL;
 int kernel_number;
+char *kernel_end, *kernel_limit;
 
     prom_init(promvec, cifh, cifs);
     
@@ -215,9 +216,16 @@ int kernel_number;
 
     gzminp = (unsigned char *)moved_kernel;		/* decompress kernel */
     kernel_base = (char*) 0x4000;
+    kernel_end = kernel_base +
+		 ((image_table[kernel_number].unpacked_len + 0xfff) & ~0xfff);
+    kernel_limit = moved_kernel;
 
-    if (decompress (kernel_base, kernel_base + ((image_table[kernel_number].unpacked_len
-		 + 0xfff) & ~0xfff), get_input, unget_input) == -1)
+    if (kernel_end > kernel_limit) {
+	printf("No space to decompress the kernel.\n");
+	prom_halt();
+    }
+
+    if (decompress (kernel_base, kernel_end, get_input, unget_input) == -1)
     	{
         printf ("\nKernel decompression error\n");
         prom_halt();