emerging gentoo-sources-2.4.20-r9 displays a message Applying do_brk_fix.patch... But inspecting the source afterwards revealed that the patch is NOT applied, because the offsets are not correct. The distributed patch reads --- a/mm/mmap.c Fri Sep 12 06:44:06 2003 +++ b/mm/mmap.c Thu Oct 2 01:18:19 2003 @@ -1041,6 +1041,9 @@ if (!len) return addr; + if ((addr + len) > TASK_SIZE || (addr + len) < addr) + return -EINVAL; + /* * mlock MCL_FUTURE? */ But in my source, I found the position of the code fragment to be @@ -1248,6 +1248,9 @@ This is probably because of previously applied patches. This should get fixed promptly, as it is a security concern. But then there is another question: shouldn't portage have given a big warning about the patch not being applied?
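Review bot: the bounds check added after `if (!len) return addr;` carries no comment saying what it rejects; a one-line comment that it refuses ranges ending above TASK_SIZE or wrapping past the top of the address space would make the intent clear to anyone re-diffing this later. The header `@@ -1041,6 +1041,9 @@` also does not match the tree described in the report, where the same context sits at line 1248, so the patch should be regenerated against the source as it stands after the earlier patches instead of depending on an offset search to place it.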
Considering the nature of this bug report, shouldn't it have a higher severity? If this is indeed true, it could be luring Gentoo users into a false sense of security. This needs addressing ASAP in my opinion.
fixed in cvs
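The concern raised in the report, a security patch announced as applied while the source is unchanged, can be checked against the unpacked tree itself. The following is an added example, not code from the report or from Gentoo's ebuilds: the function name `check_do_brk_fix` and the sample files are constructed here, and the check matches the fragment quoted in the report by content, so differing line offsets do not matter.

```shell
#!/bin/sh
# Added example (not from the bug report): checks by content, not by line
# number, whether the do_brk bounds check is present in a kernel mm/mmap.c.

# check_do_brk_fix FILE: prints applied|missing|unreadable; exit 0 only if applied.
check_do_brk_fix() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    if awk '
        { line = $0; gsub(/[ \t]/, "", line) }       # compare with whitespace removed
        line == ""                          { next } # skip blank lines
        line == "if(!len)"                  { state = 1; next }
        state == 1 && line == "returnaddr;" { state = 2; next }
        state == 2 && line == "if((addr+len)>TASK_SIZE||(addr+len)<addr)" { state = 3; next }
        state == 3 && line == "return-EINVAL;" { found = 1; exit }
        { state = 0 }                                # any other line breaks the sequence
        END { exit(found ? 0 : 1) }
    ' "$1"; then
        echo applied
    else
        echo missing; return 1
    fi
}

# Constructed sample input: the fragment from the report, without and with the fix.
demo_dir=$(mktemp -d)
cat > "$demo_dir/unpatched.c" <<'EOF'
	if (!len)
		return addr;

	/*
	 * mlock MCL_FUTURE?
	 */
EOF
cat > "$demo_dir/patched.c" <<'EOF'
	if (!len)
		return addr;

	if ((addr + len) > TASK_SIZE || (addr + len) < addr)
		return -EINVAL;

	/*
	 * mlock MCL_FUTURE?
	 */
EOF
check_do_brk_fix "$demo_dir/patched.c"              # prints: applied
check_do_brk_fix "$demo_dir/unpatched.c" || true    # prints: missing
```

Run against the real tree, the argument would be the unpacked source's `mm/mmap.c`; a non-zero exit status lets a build script stop instead of continuing with an unpatched kernel.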