fs/binfmt_elf.c: don't be afraid of overflow

Number of ELF program headers is 16-bit by spec, so total size
comfortably fits into "unsigned int".

Space savings: 7 bytes!

	add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-7 (-7)
	Function                                     old     new   delta
	load_elf_phdrs                               137     130      -7

Link: http://lkml.kernel.org/r/20190204202715.GA27482@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 54207327f98f8bb7925d83b27906bddadfc4e0c5..fd4b618c412eb70b4936c3459bfc80057623a7c0 100644 (file)
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -418,8 +418,9 @@ static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
                                       struct file *elf_file)
 {
        struct elf_phdr *elf_phdata = NULL;
-       int retval, size, err = -1;
+       int retval, err = -1;
        loff_t pos = elf_ex->e_phoff;
+       unsigned int size;
 
        /*
         * If the size of this structure has changed, then punt, since
@@ -429,13 +430,9 @@ static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
                goto out;
 
        /* Sanity check the number of program headers... */
-       if (elf_ex->e_phnum < 1 ||
-               elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
-               goto out;
-
        /* ...and their total size. */
        size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
-       if (size > ELF_MIN_ALIGN)
+       if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
                goto out;
 
        elf_phdata = kmalloc(size, GFP_KERNEL);