[PATCH] a.out: error check on set_brk

It's possible for do_brk() to fail during set_brk() when exec'ing and a.out. This was noted with Florian's a.out binary and overcommit set to 0. Capture this error and terminate properly. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] a.out: error check on set_brk
It's possible for do_brk() to fail during set_brk() when exec'ing and a.out. This was noted with Florian's a.out binary and overcommit set to 0. Capture this error and terminate properly. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
7b278e69 · Chris Wright · Linus Torvalds · e69a11be · 7b278e69
Commit 7b278e69 authored Nov 16, 2004 by Chris Wright Committed by Linus Torvalds Nov 16, 2004
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 5 deletions

fs/binfmt_aout.c fs/binfmt_aout.c +14 -5

No files found.
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -43,13 +43,18 @@ static struct linux_binfmt aout_format = {
 	.min_coredump	= PAGE_SIZE
 };
-static void set_brk(unsigned long start, unsigned long end)
+#define BAD_ADDR(x)	((unsigned long)(x) >= TASK_SIZE)
+static int set_brk(unsigned long start, unsigned long end)
 {
 	start = PAGE_ALIGN(start);
 	end = PAGE_ALIGN(end);
-	if (end <= start)
+	if (end > start) {
-		return;
+		unsigned long addr = do_brk(start, end - start);
-	do_brk(start, end - start);
+		if (BAD_ADDR(addr))
+			return addr;
+	}
+	return 0;
 }
 /*
@@ -413,7 +418,11 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
 beyond_if:
 	set_binfmt(&aout_format);
-	set_brk(current->mm->start_brk, current->mm->brk);
+	retval = set_brk(current->mm->start_brk, current->mm->brk);
+	if (retval < 0) {
+		send_sig(SIGKILL, current, 0);
+		return retval;
+	}
 	retval = setup_arg_pages(bprm, EXSTACK_DEFAULT);
 	if (retval < 0) {