From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1JE97W-0006eZ-3D for mharc-grub-devel@gnu.org; Sun, 13 Jan 2008 15:07:50 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1JE97T-0006d9-Vt for grub-devel@gnu.org; Sun, 13 Jan 2008 15:07:48 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1JE97Q-0006ap-6k for grub-devel@gnu.org; Sun, 13 Jan 2008 15:07:47 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1JE97Q-0006am-0r for grub-devel@gnu.org; Sun, 13 Jan 2008 15:07:44 -0500 Received: from aybabtu.com ([69.60.117.155]) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1JE97N-0001gZ-MF for grub-devel@gnu.org; Sun, 13 Jan 2008 15:07:43 -0500 Received: from [192.168.10.6] (helo=thorin) by aybabtu.com with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from ) id 1JE97G-0006e1-O1 for grub-devel@gnu.org; Sun, 13 Jan 2008 21:07:35 +0100 Received: from rmh by thorin with local (Exim 4.63) (envelope-from ) id 1JE95q-00060K-7a for grub-devel@gnu.org; Sun, 13 Jan 2008 21:06:06 +0100 Date: Sun, 13 Jan 2008 21:06:06 +0100 From: Robert Millan To: grub-devel@gnu.org Message-ID: <20080113200606.GA23059@thorin> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="3MwIy2ne0vdjdPXF" Content-Disposition: inline Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.13 (2006-08-11) X-detected-kernel: by monty-python.gnu.org: Genre and OS details not recognized. Subject: [PATCH] restrict parsing of `available' X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Jan 2008 20:07:48 -0000 --3MwIy2ne0vdjdPXF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Another patch for i386-ieee1275. Again, I'd appreciate if someone can test it on PowerPC hardware. -- Robert Millan I know my rights; I want my phone call! What use is a phone call, if you are unable to speak? (as seen on /.) --3MwIy2ne0vdjdPXF Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="ieee1275_available_size.diff" * kern/powerpc/ieee1275/openfw.c (grub_available_iterate): Obtain actual size of `available' from grub_ieee1275_get_property(), and restrict parsing to that bound. diff -urp grub2/kern/powerpc/ieee1275/openfw.c grub2.available/kern/powerpc/ieee1275/openfw.c --- grub2/kern/powerpc/ieee1275/openfw.c 2007-12-30 09:52:05.000000000 +0100 +++ grub2.available/kern/powerpc/ieee1275/openfw.c 2008-01-13 21:03:06.000000000 +0100 @@ -141,6 +141,7 @@ grub_err_t grub_available_iterate (int ( grub_ieee1275_phandle_t root; grub_ieee1275_phandle_t memory; grub_uint32_t available[32]; + grub_size_t available_size; int address_cells = 1; int size_cells = 1; unsigned int i; @@ -157,13 +158,14 @@ grub_err_t grub_available_iterate (int ( return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "Couldn't find /memory node"); if (grub_ieee1275_get_property (memory, "available", available, - sizeof available, 0)) + sizeof available, &available_size)) return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "Couldn't examine /memory/available property"); /* Decode each entry and call `hook'. */ i = 0; - while (i < sizeof (available)) + available_size /= sizeof (grub_uint32_t); + while (i < available_size) { grub_uint64_t address; grub_uint64_t size; --3MwIy2ne0vdjdPXF--