Increase the size of the zImage after seeking for the tag to avoid reading past the end of the supplied buffer should there be not tag in the zImage.

Fixes: f57f0bf8975d24fe1e7c4936fdfb5c3b123ab75f
Signed-off-by: Łukasz Stelmach <l.stelmach@xxxxxxxxxxx>
Cc: Russell King <rmk@xxxxxxxxxxxxxxx>
---
 kexec/arch/arm/kexec-zImage-arm.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/kexec/arch/arm/kexec-zImage-arm.c b/kexec/arch/arm/kexec-zImage-arm.c
index ff609e2..925a9be 100644
--- a/kexec/arch/arm/kexec-zImage-arm.c
+++ b/kexec/arch/arm/kexec-zImage-arm.c
@@ -543,6 +543,14 @@ int zImage_arm_load(int argc, char **argv, const char *buf, off_t len,
  */
  kernel_mem_size = len + 4;
 
+ /*
+ * Check for a kernel size extension, and set or validate the
+ * image size. This is the total space needed to avoid the
+ * boot kernel BSS, so other data (such as initrd) does not get
+ * overwritten.
+ */
+ tag = find_extension_tag(buf, len, ZIMAGE_TAG_KRNL_SIZE);
+
  /*
  * The zImage length does not include its stack (4k) or its
  * malloc space (64k). Include this.
@@ -551,13 +559,6 @@ int zImage_arm_load(int argc, char **argv, const char *buf, off_t len,
  dbgprintf("zImage requires 0x%08llx bytes\n",
  (unsigned long long)len);
 
- /*
- * Check for a kernel size extension, and set or validate the
- * image size. This is the total space needed to avoid the
- * boot kernel BSS, so other data (such as initrd) does not get
- * overwritten.
- */
- tag = find_extension_tag(buf, len, ZIMAGE_TAG_KRNL_SIZE);
  if (tag) {
  uint32_t *p = (void *)buf + le32_to_cpu(tag->u.krnl_size.size_ptr);
  uint32_t edata_size = le32_to_cpu(get_unaligned(p));
-- 
2.26.2

_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
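Review bot: The tag's `size_ptr` is still used as an unchecked offset into `buf` on the new side's `uint32_t *p = (void *)buf + le32_to_cpu(tag->u.krnl_size.size_ptr);` in the second hunk, so an image whose tag carries an out-of-range pointer reads past the supplied buffer even though the tag lookup itself is now bounded. By that point `len` already includes the stack and malloc space (per the commit message and the comment above the second hunk), so a bounds check there must use the buffer length saved before that adjustment, not `len`. The `if (tag)` body continues past the end of the hunk, and the function's failure path is not visible here, so the error return in the sketch below stands in for whatever the function already uses on bad input.
```c
	off_t image_len = len;	/* buffer length before stack/malloc space is added */
	tag = find_extension_tag(buf, len, ZIMAGE_TAG_KRNL_SIZE);
	/* … unchanged: stack/malloc space added to len, dbgprintf … */
	if (tag) {
		uint32_t size_off = le32_to_cpu(tag->u.krnl_size.size_ptr);
		/* size_ptr comes from the image; keep the read inside the original buffer */
		if ((uint64_t)size_off + sizeof(uint32_t) > (uint64_t)image_len) {
			fprintf(stderr, "zImage krnl_size pointer out of range\n");
			return -1;	/* placeholder: use the function's existing failure path */
		}
		uint32_t *p = (void *)buf + size_off;
		uint32_t edata_size = le32_to_cpu(get_unaligned(p));
```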