From: Alan Cox Date: Sun, 10 Mar 2019 00:26:22 +0000 (+0000) Subject: syscall_exec16: Fix BSS wrap bug X-Git-Url: https://git.ndcode.org/public/gitweb.cgi?a=commitdiff_plain;h=e54e1e1d2ca07c8605a366301e564cc69e97f7f2;p=FUZIX.git syscall_exec16: Fix BSS wrap bug If the binary fits but it has a huge BSS value then kernel wrongly allows it to start. Because of some other bugs and quirks it ends up running sanely for most platforms but the BSS is not cleared. This breaks the current builds of /bin/sh so you'll need to build a new one with the tools patches that follow this applied. --- diff --git a/Kernel/syscall_exec16.c b/Kernel/syscall_exec16.c index 8db92b51..fa8eae7d 100644 --- a/Kernel/syscall_exec16.c +++ b/Kernel/syscall_exec16.c @@ -108,6 +108,10 @@ arg_t _execve(void) /* Binary doesn't fit */ /* FIXME: review overflows */ bin_size = ino->c_node.i_size; + if (bin_size + bss < bin_size) { + udata.u_error = ENOMEM; + goto nogood2; + } progptr = bin_size + 1024 + bss; if (progload < PROGLOAD || top - progload < progptr || progptr < bin_size) { udata.u_error = ENOMEM;
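Review bot: the added wrap check only covers `bin_size + bss`, but the very next statement, `progptr = bin_size + 1024 + bss;`, adds a further 1024 that can still wrap when `bss` is within 1024 of the type's maximum, and the existing `progptr < bin_size` test does not reliably catch that case when `bin_size` itself is small. Suggest folding the slack into the guard, e.g. `if (bss > TYPE_MAX - 1024 - bin_size)` using the limit of the type `bss` and `bin_size` actually have (their declarations are not in the hunk), and then updating or removing the `/* FIXME: review overflows */` comment that the hunk leaves in place so it does not suggest the overflow review is still outstanding.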