From 1dcaedab3054b31d0e9c691dc511edab72f323d2 Mon Sep 17 00:00:00 2001
From: John Reiser <jreiser@BitWagon.com>
Date: Thu, 21 Dec 2000 04:55:12 +0000
Subject: [PATCH] sys_size is only 16 bits and can wrap around

committer: jreiser <jreiser> 977374512 +0000
---
 src/p_vmlinz.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/p_vmlinz.cpp b/src/p_vmlinz.cpp
index 11f34bb0..9ac2e96a 100644
--- a/src/p_vmlinz.cpp
+++ b/src/p_vmlinz.cpp
@@ -95,7 +95,8 @@ int PackVmlinuzI386::readFileHeader()
     setup_size = (1 + (h.setup_sects ? h.setup_sects : 4)) * 0x200;
     if (setup_size <= 0 || setup_size >= file_size)
         return -1;
-    if (setup_size + 16 * h.sys_size != (unsigned) ALIGN_UP(file_size, 16))
+    if (setup_size + 16 * h.sys_size  // beware 16-bit sys_size
+    != (~(~0u<<20) & (unsigned) ALIGN_UP(file_size, 16)) )
         return -1;
 
     // FIXME: add more checks for a valid kernel