From: Dave Vasilevsky
To: grub-devel@gnu.org
Date: Thu, 30 Dec 2010 02:28:54 -0500
Message-ID: <1293694134.2873.17.camel@Inchon>
Subject: [PATCH] hfsplus: Prevent overflows in comparisons

When very high Catalog Node IDs are in use, comparing CNIDs via subtraction may overflow. This causes files and folders to appear to be missing in the btree. It's safer to just use comparison operations rather than subtraction. Also fixes the parent field in grub_hfsplus_catkey_internal, which is currently using an unqualified int to hold an unsigned value.

=== modified file 'grub-core/fs/hfsplus.c' --- grub-core/fs/hfsplus.c 2010-01-20 08:12:47 +0000 +++ grub-core/fs/hfsplus.c 2010-12-30 07:10:03 +0000 @@ -178,7 +178,7 @@ /* Internal representation of a catalog key. */ struct grub_hfsplus_catkey_internal { - int parent; + grub_uint32_t parent; char *name; }; @@ -520,9 +520,12 @@ int i; int diff; - diff = grub_be_to_cpu32 (catkey_a->parent) - catkey_b->parent; - if (diff) - return diff; + /* Safe unsigned comparison */ + grub_uint32_t aparent = grub_be_to_cpu32 (catkey_a->parent); + if (aparent > catkey_b->parent) + return 1; + if (aparent < catkey_b->parent) + return -1; /* Change the filename in keya so the endianness is correct. */ for (i = 0; i < grub_be_to_cpu16 (catkey_a->namelen); i++) 
@@ -555,15 +558,21 @@ { struct grub_hfsplus_extkey *extkey_a = &keya->extkey; struct grub_hfsplus_extkey_internal *extkey_b = &keyb->extkey; - int diff; - - diff = grub_be_to_cpu32 (extkey_a->fileid) - extkey_b->fileid; - - if (diff) - return diff; - - diff = grub_be_to_cpu32 (extkey_a->start) - extkey_b->start; - return diff; + grub_uint32_t akey; + + /* Safe unsigned comparison */ + akey = grub_be_to_cpu32 (extkey_a->fileid); + if (akey > extkey_b->fileid) + return 1; + if (akey < extkey_b->fileid) + return -1; + + akey = grub_be_to_cpu32 (extkey_a->start); + if (akey > extkey_b->start) + return 1; + if (akey < extkey_b->start) + return -1; + return 0; } static char *
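
Review bot: In the @@ -178,7 +178,7 @@ hunk only `parent` in struct grub_hfsplus_catkey_internal is retyped, yet the extents comparison later in the patch compares a grub_uint32_t against `extkey_b->fileid` and `extkey_b->start` in struct grub_hfsplus_extkey_internal, whose declaration is not shown. If those fields are also plain int, they should become grub_uint32_t in this same patch, so that every key field is unsigned and the new comparisons do not mix signed and unsigned operands.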
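
Review bot: The new comment `/* Safe unsigned comparison */` in the @@ -520,9 +520,12 @@ hunk sits between the local declarations and does not say what was unsafe. Suggest declaring `grub_uint32_t aparent;` alongside `int i;` and `int diff;`, assigning it afterwards as the extents hunk does with `akey`, and having the comment state the reason: the difference of two 32-bit IDs does not fit in an int, so its sign can be wrong. `int diff;` remains in the context lines; keep it only if the name comparison further down (not shown here) still uses it.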
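
Review bot: The same three-way comparison is now spelled out three times, once for `parent` and twice in the @@ -555,15 +558,21 @@ hunk for `fileid` and `start`. A small static helper taking two grub_uint32_t values and returning -1, 0 or 1 would remove the repetition and the reuse of `akey` for two different fields. The return value also changes from a raw difference to -1/0/1; the callers are not shown, so confirm they test only the sign.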
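
The failure mode the commit message describes, as an added stand-alone illustration (not code from the patch or from GRUB): a binary search over sorted CNIDs loses an entry when the comparator is a truncated subtraction, and finds it with a three-way comparison. The names `cmp_sub`, `cmp_3way`, `lookup` and the CNID values are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-patch style: sign of the 32-bit difference.  The unsigned-to-int
   conversion is implementation-defined; GCC and Clang wrap modulo 2^32.  */
static int cmp_sub (uint32_t a, uint32_t b)
{
  return (int) (a - b);
}

/* Post-patch style: explicit three-way comparison.  */
static int cmp_3way (uint32_t a, uint32_t b)
{
  if (a > b)
    return 1;
  if (a < b)
    return -1;
  return 0;
}

/* Constructed sample: CNIDs in ascending unsigned order, standing in for
   the keys of one sorted B-tree node.  */
static const uint32_t cnids[] = { 16, 17, 0x80000010u, 0x90000000u, 0xfffffff0u };
#define NCNIDS ((int) (sizeof (cnids) / sizeof (cnids[0])))

/* Binary search for KEY; returns its index, or -1 if it looks missing.  */
static int lookup (uint32_t key, int (*cmp) (uint32_t, uint32_t))
{
  int lo = 0, hi = NCNIDS - 1;
  while (lo <= hi)
    {
      int mid = lo + (hi - lo) / 2;
      int d = cmp (cnids[mid], key);
      if (d == 0)
        return mid;
      if (d < 0)
        lo = mid + 1;   /* node key sorts before KEY: go right */
      else
        hi = mid - 1;   /* node key sorts after KEY: go left */
    }
  return -1;
}

int main (void)
{
  printf ("CNID 16 via subtraction: %d\n", lookup (16, cmp_sub));
  printf ("CNID 16 via 3-way compare: %d\n", lookup (16, cmp_3way));
  return 0;
}
```

With the subtraction comparator, CNID 16 is compared against 0x80000010 first; the difference is 0x80000000, which reads as negative, so the search walks away from the entry.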