Skip to content

Commit f6da4fe

Browse files
bjzhjingrbradford
bjzhjing
authored and
rbradford
committed
loader: Add memory overflow checking for kernel end
There is no checking in loader to see if the memory is large enough to store the kernel image, so add this checking to avoid memory overflow. Signed-off-by: Cathy Zhang <cathy.zhang@intel.com>
1 parent be2e8b0 commit f6da4fe

File tree

1 file changed

+8
-3
lines changed

1 file changed

+8
-3
lines changed

src/loader/mod.rs

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,7 @@ pub enum Error {
5151
InvalidBzImage,
5252
InvalidKernelStartAddress,
5353
InitrdImageSizeTooLarge,
54+
MemoryOverflow,
5455
ReadElfHeader,
5556
ReadKernelImage,
5657
ReadProgramHeader,
@@ -83,6 +84,7 @@ impl error::Error for Error {
8384
Error::InvalidBzImage => "Invalid bzImage",
8485
Error::InvalidKernelStartAddress => "Invalid kernel start address",
8586
Error::InitrdImageSizeTooLarge => "Initrd image size too large",
87+
Error::MemoryOverflow => "Memory to load kernel image is not enough",
8688
Error::ReadElfHeader => "Unable to read elf header",
8789
Error::ReadKernelImage => "Unable to read kernel image",
8890
Error::ReadProgramHeader => "Unable to read program header",
@@ -227,8 +229,9 @@ impl KernelLoader for Elf {
227229
.read_exact_from(mem_offset, kernel_image, phdr.p_filesz as usize)
228230
.map_err(|_| Error::ReadKernelImage)?;
229231

230-
loader_result.kernel_end =
231-
mem_offset.raw_value() as GuestUsize + phdr.p_memsz as GuestUsize;
232+
loader_result.kernel_end = mem_offset.raw_value()
233+
.checked_add(phdr.p_memsz as GuestUsize)
234+
.ok_or(Error::MemoryOverflow)?;
232235
}
233236

234237
loader_result.setup_header = None;
@@ -321,7 +324,9 @@ impl KernelLoader for BzImage {
321324
.read_exact_from(mem_offset, kernel_image, kernel_size)
322325
.map_err(|_| Error::ReadBzImageCompressedKernel)?;
323326

324-
loader_result.kernel_end = mem_offset.raw_value() as GuestUsize + kernel_size as GuestUsize;
327+
loader_result.kernel_end = mem_offset.raw_value()
328+
.checked_add(kernel_size as GuestUsize)
329+
.ok_or(Error::MemoryOverflow)?;
325330

326331
Ok(loader_result)
327332
}

0 commit comments

Comments
 (0)