media: video: tegra: sh532u: fix out-of-bounds read
[linux-2.6.git] / init / initramfs.c
index 37d3859..2531811 100644 (file)
@@ -457,7 +457,8 @@ static char * __init unpack_to_rootfs(char *buf, unsigned len)
                                         compress_name);
                                message = msg_buf;
                        }
-               }
+               } else
+                       error("junk in compressed archive");
                if (state != Reset)
                        error("junk in compressed archive");
                this_header = saved_offset + my_inptr;
@@ -482,7 +483,8 @@ static int __init retain_initrd_param(char *str)
 }
 __setup("retain_initrd", retain_initrd_param);
 
-extern char __initramfs_start[], __initramfs_end[];
+extern char __initramfs_start[];
+extern unsigned long __initramfs_size;
 #include <linux/initrd.h>
 #include <linux/kexec.h>
 
@@ -527,7 +529,7 @@ static void __init clean_rootfs(void)
        struct linux_dirent64 *dirp;
        int num;
 
-       fd = sys_open("/", O_RDONLY, 0);
+       fd = sys_open((const char __user __force *) "/", O_RDONLY, 0);
        WARN_ON(fd < 0);
        if (fd < 0)
                return;
@@ -569,8 +571,7 @@ static void __init clean_rootfs(void)
 
 static int __init populate_rootfs(void)
 {
-       char *err = unpack_to_rootfs(__initramfs_start,
-                        __initramfs_end - __initramfs_start);
+       char *err = unpack_to_rootfs(__initramfs_start, __initramfs_size);
        if (err)
                panic(err);     /* Failed to decompress INTERNAL initramfs */
        if (initrd_start) {
@@ -584,12 +585,12 @@ static int __init populate_rootfs(void)
                        return 0;
                } else {
                        clean_rootfs();
-                       unpack_to_rootfs(__initramfs_start,
-                                __initramfs_end - __initramfs_start);
+                       unpack_to_rootfs(__initramfs_start, __initramfs_size);
                }
                printk(KERN_INFO "rootfs image is not initramfs (%s)"
                                "; looks like an initrd\n", err);
-               fd = sys_open("/initrd.image", O_WRONLY|O_CREAT, 0700);
+               fd = sys_open((const char __user __force *) "/initrd.image",
+                             O_WRONLY|O_CREAT, 0700);
                if (fd >= 0) {
                        sys_write(fd, (char *)initrd_start,
                                        initrd_end - initrd_start);