[PATCH] kexec-tools, ppc64: Fix segfault on parsing of large device trees.

Simon Horman horms at verge.net.au
Mon May 10 05:19:40 EDT 2010


On Mon, May 10, 2010 at 02:55:03PM +1000, Michael Neuling wrote:
> 
> 
> In message <4BE78E06.6080601 at ozlabs.org> you wrote:
> > 
> > ppc64's fs2dt used to use a fixed-size array into which the device tree
> > was parsed.  There was no bounds checking, so with a large device tree other
> > heap data ended up getting stomped -- SIGSEGV time.
> > 
> > This patch adds a function, 'dt_reserve', to check whether there's enough spa
> ce
> > left prior to writing data to the array.  If not, the array is realloced.
> > 
> > Signed-off-by: Matt Evans <matt at ozlabs.org>
> 
> FWIW...
> 
> Ack-by: Michael Neuling <mikey at neuling.org>
> 
> (also added linuxppc-dev at ozlabs.org to CC list)

Thanks, applied.



More information about the kexec mailing list