zdump: dfi_mem_range_valid: check that unsigned int operation don't wrap

Validate that the addition of the parameters @addr and @len given to `dfi_mem_range_valid()` does not overflow 64bit unsigned integer type. This fixes the following segmentation fault: [#0] 0x2aa000084fc → mem_read(mem=0x2aa00021b68 <l+152>, addr=0xffffffffffffffff, buf=0x3ffffffec64, cnt=0xc) [#1] 0x2aa00009964 → dfi_mem_read(addr=0xfffffffffffffffa, buf=0x3ffffffec64, cnt=0xc) [#2] 0x2aa00009c86 → dfi_mem_read_rc(addr=0xfffffffffffffffa, buf=0x3ffffffec64, cnt=0xc) [#3] 0x2aa0000ba42 → dfi_vmcoreinfo_init() [#4] 0x2aa0000b496 → dfi_init() [#5] 0x2aa00005aa6 → do_dump_info() [#6] 0x2aa00005c82 → main(argc=<optimized out>, argv=0x3fffffff118) Reviewed-by: Alexander Egorenkov <[email protected]> Signed-off-by: Marc Hartmayer <[email protected]> Signed-off-by: Jan Höppner <[email protected]>
ibm-s390-linux · Oct 1, 2021 · a0b8033 · a0b8033
1 parent 9cc7483
commit a0b8033
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/zdump/dfi.c b/zdump/dfi.c
@@ -204,6 +204,10 @@ int dfi_mem_range_valid(u64 addr, u64 len)
 	struct dfi_mem_chunk *mem_chunk;
 	u64 addr_end = addr + len;
 
+	/* check for unsigned wrap */
+	if (addr_end < addr)
+		return 0;
+
 	do {
 		mem_chunk = dfi_mem_chunk_find(addr);
 		if (!mem_chunk)