3dbrew

Changes

11.1.0-34 (edit)

Revision as of 19:08, 2 November 2016

226 bytes added ,  19:08, 2 November 2016
m
β†’β€ŽARM11-kernel
Line 22: Line 22:  
* L_fff1c730, prev ver @ L_fff1c6f0.
 
* L_fff1c730, prev ver @ L_fff1c6f0.
 
* L_fff26410, prev ver @ L_fff26394.
 
* L_fff26410, prev ver @ L_fff26394.
 +
 +
All three functions now prevent negative chunk sizes to be used, which could have been used with hypotetical kernel-memory-read vulnerabilities to exploit the memory-management code.
    
The first function ("validateChunk") now makes sure that:
 
The first function ("validateChunk") now makes sure that:
Line 36: Line 38:  
  if(chunkSizeInPages >= regionSize >> 12 || regionBase + regionSize < chunk + chunkSize) panic;
 
  if(chunkSizeInPages >= regionSize >> 12 || regionBase + regionSize < chunk + chunkSize) panic;
 
  // ...
 
  // ...
βˆ’
  if(leftChunk && leftChunk + leftChunkSize <= leftChunk) panic;
+
  if(leftChunk && leftChunk + leftChunkSize <= leftChunk) panic; // this check was already done on 'right'
    
====FIRM-modules====
 
====FIRM-modules====
Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/18532"