On Wed, 04 Dec 2024 15:07:15 +0300, Dan Carpenter wrote:
> Most of these sizes and counts are capped at 256MB so the math doesn't
> result in an integer overflow. The "relocs" count needs to be checked
> as well. Otherwise on 32bit systems the calculation of "full_data"
> could be wrong.
>
> full_data = data_len + relocs * sizeof(unsigned long);
>
> [...]
Applied to for-next/topic/execve/core, thanks!
[1/1] binfmt_flat: Fix integer overflow bug on 32 bit systems
https://git.kernel.org/kees/c/55cf2f4b945f
Take care,
--
Kees Cook
