525
edits
Changes
mLine 22:
Line 22: + + Line 36:
Line 38: − +
→ARM11-kernel
* L_fff1c730, prev ver @ L_fff1c6f0.
* L_fff1c730, prev ver @ L_fff1c6f0.
* L_fff26410, prev ver @ L_fff26394.
* L_fff26410, prev ver @ L_fff26394.
All three functions now prevent negative chunk sizes to be used, which could have been used with hypotetical kernel-memory-read vulnerabilities to exploit the memory-management code.
The first function ("validateChunk") now makes sure that:
The first function ("validateChunk") now makes sure that:
if(chunkSizeInPages >= regionSize >> 12 || regionBase + regionSize < chunk + chunkSize) panic;
if(chunkSizeInPages >= regionSize >> 12 || regionBase + regionSize < chunk + chunkSize) panic;
// ...
// ...
if(leftChunk && leftChunk + leftChunkSize <= leftChunk) panic;
if(leftChunk && leftChunk + leftChunkSize <= leftChunk) panic; // this check was already done on 'right'
====FIRM-modules====
====FIRM-modules====