loader/i386: fix out of bound memory copy on non-UEFI linux #53
ajeddeloh merged 1 commit into coreos:2.02-coreos from
Conversation
/cc @ajeddeloh I noticed this in the openSUSE changelog while looking for an unrelated TPM thing. I'm not sure if it is related to your "free magic" investigation and I didn't test it, but it looks interesting.
dm0- left a comment
It certainly looks like the intended behavior. The upstream line this replaced was if (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len).
grub-core/loader/i386/linux.c
Outdated
| len = sizeof (linux_params) - sizeof (lh); | ||
| grub_memcpy (&linux_params + sizeof (lh), kernel + kernel_offset, len); | ||
| grub_memcpy ((char *)&linux_params + sizeof (lh), kernel + kernel_offset, len); |
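Review bot: the cast on the new line is the whole fix and it is the right one: `&linux_params` has type `struct linux_kernel_params *`, so the old `&linux_params + sizeof (lh)` advances by sizeof (lh) whole structs rather than bytes, and the copy of `len = sizeof (linux_params) - sizeof (lh)` bytes lands far outside `linux_params`; `(char *) &linux_params + sizeof (lh)` makes the offset byte-wise so the copy fills exactly the remainder of the struct, matching the destination of the upstream `grub_file_read` call quoted in the review. Style: GRUB puts a space after a cast, so write `(char *) &linux_params`. The visible lines do not show a check that `kernel_offset + len` stays within the loaded kernel image before the copy; worth confirming that the surrounding code bounds it, since the source side of this memcpy is only as safe as that check.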
Being picky, the coding style puts a space after casts, but this is unlikely to be upstreamed since a newer implementation is being proposed, so not a big deal.
Ack, I re-pushed to fix the spacing.
Ran this through GDB and manually fixed the call to use the correct size. This fixes the free magic (can't continue booting since I'm running in 32-bit qemu for gdb's sake).
Ref: https://bugzilla.opensuse.org/show_bug.cgi?id=1029187
Ref: https://build.opensuse.org/package/rdiff/openSUSE:Factory/grub2?linkrev=base&rev=159
Ref: coreos/bugs#2284
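To make the pointer-arithmetic bug behind this PR concrete, here is an added example that is not part of the PR or of GRUB's code. The structures are hypothetical stand-ins (the real `struct linux_kernel_params` is larger and laid out differently); `scratch` is an array sized only so that the buggy expression can be evaluated as well-defined C for the demonstration. It compares the byte offset produced by `&linux_params + sizeof (lh)` against `(char *) &linux_params + sizeof (lh)`, and shows the fixed copy with an explicit source-length check that the merged change itself does not include.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-ins for GRUB's structures (assumption: sizes are
 * illustrative, not GRUB's real layout). */
struct linux_i386_kernel_header {          /* plays the role of `lh` */
    uint8_t setup_sects;
    uint8_t pad[63];                       /* header is 64 bytes here */
};

struct linux_kernel_params {               /* plays the role of `linux_params` */
    struct linux_i386_kernel_header hdr;   /* the first sizeof (lh) bytes */
    uint8_t rest[448];                     /* bytes copied from the kernel image */
};

#define LH_SIZE sizeof(struct linux_i386_kernel_header)

static struct linux_kernel_params linux_params;

/* Array sized LH_SIZE + 1 so that `scratch + LH_SIZE` is inside the array
 * and the buggy arithmetic below is well-defined for the demonstration. */
static struct linux_kernel_params scratch[LH_SIZE + 1];

/* Byte distance covered by the buggy destination `&linux_params + sizeof (lh)`:
 * struct-pointer arithmetic scales by sizeof (struct linux_kernel_params). */
size_t buggy_dest_offset(void)
{
    struct linux_kernel_params *p = scratch;
    return (size_t)((char *)(p + LH_SIZE) - (char *)p);
}

/* Byte distance for the fixed destination `(char *) &linux_params + sizeof (lh)`. */
size_t fixed_dest_offset(void)
{
    char *p = (char *)scratch;
    return (size_t)((p + LH_SIZE) - p);
}

/* Would the buggy copy of `len` bytes stay inside linux_params? */
int buggy_copy_in_bounds(void)
{
    size_t len = sizeof(linux_params) - LH_SIZE;
    return buggy_dest_offset() + len <= sizeof(linux_params);
}

/* The fixed copy, as in the merged change, plus a source-length check
 * (added for this example) so a short image is refused instead of over-read. */
int copy_params_from_kernel(const uint8_t *kernel, size_t kernel_size, size_t kernel_offset)
{
    size_t len = sizeof(linux_params) - LH_SIZE;
    if (kernel_offset > kernel_size || kernel_size - kernel_offset < len)
        return -1;
    memcpy((char *)&linux_params + LH_SIZE, kernel + kernel_offset, len);
    return 0;
}

/* Constructed kernel image: byte i holds (uint8_t)i. Returns 1 if the copy
 * landed right after the header and left the header untouched. */
int check_copy_lands_after_header(void)
{
    uint8_t kernel[1024];
    size_t kernel_offset = 100;
    for (size_t i = 0; i < sizeof kernel; i++)
        kernel[i] = (uint8_t)i;
    memset(&linux_params, 0, sizeof linux_params);
    if (copy_params_from_kernel(kernel, sizeof kernel, kernel_offset) != 0)
        return 0;
    return linux_params.hdr.setup_sects == 0
        && linux_params.rest[0] == kernel[kernel_offset]
        && linux_params.rest[447] == kernel[kernel_offset + 447];
}

int main(void)
{
    printf("buggy offset: %zu bytes, fixed offset: %zu bytes, struct size: %zu\n",
           buggy_dest_offset(), fixed_dest_offset(), sizeof(linux_params));
    printf("buggy copy in bounds: %d, fixed copy correct: %d\n",
           buggy_copy_in_bounds(), check_copy_lands_after_header());
    return 0;
}
```

With a 64-byte header and a 512-byte params struct the buggy destination is 64 * 512 = 32768 bytes past the start of the object, so the 448-byte copy is entirely out of bounds; the cast brings it back to offset 64, exactly where the upstream `grub_file_read` writes.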