From: Felix Zielcke
To: The development of GRUB 2
Subject: Re: [PATCH] fix an infinite loop with a corrupted pc partition table
Date: Fri, 24 Jul 2009 21:24:31 +0200
Message-Id: <1248463471.3510.77.camel@fz.local>
In-Reply-To: <1248454704.3510.67.camel@fz.local>
References: <1248454704.3510.67.camel@fz.local>

On Friday, 24.07.2009, at 18:58 +0200, Felix Zielcke wrote:
> With this [0] partition table grub-probe currently loops forever:
>
> kern/disk.c:389: Reading `hd1'...
> partmap/pc.c:142: partition 0: flag 0x0, type 0x5, start 0x0, len 0x11177330
> partmap/pc.c:142: partition 1: flag 0x0, type 0x0, start 0x0, len 0x0
> partmap/pc.c:142: partition 2: flag 0x0, type 0x0, start 0x0, len 0x0
> partmap/pc.c:142: partition 3: flag 0x0, type 0x0, start 0x0, len 0x0
> kern/disk.c:389: Reading `hd1'...
> partmap/pc.c:142: partition 0: flag 0x0, type 0x5, start 0x0, len 0x11177330
> partmap/pc.c:142: partition 1: flag 0x0, type 0x0, start 0x0, len 0x0
> partmap/pc.c:142: partition 2: flag 0x0, type 0x0, start 0x0, len 0x0
> partmap/pc.c:142: partition 3: flag 0x0, type 0x0, start 0x0, len 0x0
> [...]
>
> This patch fixes it, but probably there's a better fix.
> > > [0] > http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=corrupt-table.dat;att=1;bug=519223 Here's a new one after comments from Vladimir on IRC loop count is increased to 100'000 and partitions with a starting sector of 0 are ignored. -- Felix Zielcke --=-hniyN8MF32SkgtmS6zNE Content-Disposition: attachment; filename="corrupted_partmap.diff.2" Content-Type: text/plain; name="corrupted_partmap.diff.2"; charset="UTF-8" Content-Transfer-Encoding: 7bit 2009-07-24 Felix Zielcke * partmap/pc.c (pc_partition_map_iterate): Don't loop forever in case the partition table is corrupted. Also ignore partitions with a starting sector of 0. diff --git a/partmap/pc.c b/partmap/pc.c index 6f68ecf..ab58b3d 100644 --- a/partmap/pc.c +++ b/partmap/pc.c @@ -97,6 +97,7 @@ pc_partition_map_iterate (grub_disk_t disk, struct grub_pc_partition_mbr mbr; struct grub_pc_partition_disk_label label; struct grub_disk raw; + int loop; /* Enforce raw disk access. */ raw = *disk; @@ -108,11 +109,13 @@ pc_partition_map_iterate (grub_disk_t disk, p.data = &pcdata; p.partmap = &grub_pc_partition_map; - while (1) + loop = 0; + while (loop < 100000) { int i; struct grub_pc_partition_entry *e; + loop++; /* Read the MBR. */ if (grub_disk_read (&raw, p.offset, 0, sizeof (mbr), &mbr)) goto finish; @@ -143,7 +146,7 @@ pc_partition_map_iterate (grub_disk_t disk, return grub_error (GRUB_ERR_BAD_PART_TABLE, "dummy mbr"); /* If this partition is a normal one, call the hook. */ - if (! grub_pc_partition_is_empty (e->type) + if (e->start != 0 && ! grub_pc_partition_is_empty (e->type) && ! grub_pc_partition_is_extended (e->type)) { pcdata.dos_part++; @@ -206,7 +209,7 @@ pc_partition_map_iterate (grub_disk_t disk, { e = mbr.entries + i; - if (grub_pc_partition_is_extended (e->type)) + if (e->start != 0 && grub_pc_partition_is_extended (e->type)) { p.offset = pcdata.ext_offset + grub_le_to_cpu32 (e->start); if (! pcdata.ext_offset) 
@@ -221,6 +224,8 @@ pc_partition_map_iterate (grub_disk_t disk, break; } + if (loop == 100000) + return grub_error (GRUB_ERR_BAD_PART_TABLE, "Corrupted partition table found."); finish: return grub_errno; } --=-hniyN8MF32SkgtmS6zNE--
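
Review bot: In the `@@ -108,11 +109,13` hunk the bound in `while (loop < 100000)` is a bare literal that is repeated in the `loop == 100000` test at the end of the function, so the two can drift apart; define one named constant and use it in both places. Each pass calls `grub_disk_read`, so a table that cycles costs 100000 reads before the error comes back. Remembering the offsets already read, or at least rejecting a `p.offset` that does not change between passes, would fail on the second read instead.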
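
Review bot: In the `@@ -143,7 +146,7` hunk, `e->start != 0` silently drops an entry whose type is neither empty nor extended, so the user gets no hint that the table is damaged; a debug message at that point would help when diagnosing reports like the quoted one. The comment above the condition ("If this partition is a normal one, call the hook.") no longer describes the whole test and should mention the start-sector check. Comparing the raw on-disk field against zero without `grub_le_to_cpu32` is correct, since zero is the same in either byte order.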
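
Review bot: In the `@@ -206,7 +209,7` hunk, `e->start != 0` only stops a link for which `pcdata.ext_offset + grub_le_to_cpu32 (e->start)` resolves to `pcdata.ext_offset` itself, which is the case in the quoted log (type 0x5, start 0x0). A non-zero `start` that resolves to a table already read still loops and is caught only by the 100000-pass counter. Checking the new `p.offset` against offsets already visited would cover both cases with one test.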
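
Review bot: In the `@@ -221,6 +224,8` hunk, `if (loop == 100000)` cannot tell exhaustion of the bound from a `break` taken on the 100000th pass, so a chain that ends exactly there is reported as corrupted; set a flag when the bound is hit, or return the error from inside the loop. The message "Corrupted partition table found." also differs in style from the existing `"dummy mbr"` (capital letter, trailing period).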
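
Added example (not part of the original message and not GRUB code): a bounded walk over extended-partition links in a constructed in-memory image. It rejects the table from the log (type 0x5, start 0x0) and, going beyond that case, a non-zero link that leads back to a table already read. `walk_chain`, `demo`, the 64-table cap and the 256-sector image are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>
#define SECTOR   512
#define NSECT    256   /* size of the constructed image, in sectors */
#define MAX_HOPS 64    /* assumed cap on chained tables for this example */
#define IS_EXT(t) ((t) == 0x05 || (t) == 0x0f || (t) == 0x85)

static uint8_t img[NSECT * SECTOR];   /* constructed in-memory "disk" */

/* Write type and little-endian start LBA into entry idx of the table at sector. */
static void set_entry(uint32_t sector, int idx, uint8_t type, uint32_t start)
{
  uint8_t *e = img + sector * SECTOR + 446 + 16 * idx;
  e[4] = type;
  for (int b = 0; b < 4; b++) e[8 + b] = (uint8_t)(start >> (8 * b));
}

/* Follow extended-partition links; return tables visited, or -1 if corrupt. */
static int walk_chain(void)
{
  uint32_t seen[MAX_HOPS], offset = 0, ext_offset = 0;
  for (int hops = 0; hops < MAX_HOPS; hops++) {
    const uint8_t *tbl = img + offset * SECTOR + 446;
    int link = -1;
    seen[hops] = offset;
    for (int i = 0; i < 4 && link < 0; i++) if (IS_EXT(tbl[16 * i + 4])) link = i;
    if (link < 0) return hops + 1;             /* no further link: end of chain */
    const uint8_t *s = tbl + 16 * link + 8;
    uint32_t start = s[0] | s[1] << 8 | s[2] << 16 | (uint32_t)s[3] << 24;
    offset = ext_offset + start;               /* link is relative to the first extended table */
    if (!ext_offset) ext_offset = offset;
    if (offset >= NSECT) return -1;            /* link points off the disk */
    for (int k = 0; k <= hops; k++) if (seen[k] == offset) return -1;  /* cycle */
  }
  return -1;                                   /* chain longer than the cap */
}

/* Build MBR -> first -> first+second (-> third, if non-zero) and walk it. */
int demo(uint32_t first, uint32_t second, uint32_t third)
{
  memset(img, 0, sizeof img);
  set_entry(0, 0, 0x05, first);
  if (first) set_entry(first, 0, 0x05, second);
  if (third) set_entry(first + second, 0, 0x05, third);
  return walk_chain();
}

int main(void) { return demo(0, 0, 0) == -1 && demo(100, 50, 0) == 3 ? 0 : 1; }
```

`demo(0, 0, 0)` reproduces the logged table and fails on the first link; `demo(100, 50, 50)` is a cycle with a non-zero start sector.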