Date: Wed, 28 May 2008 15:36:51 +0200
From: Robert Millan
To: The development of GRUB 2
Cc: "Isaac M. Marcos"
Subject: Re: grub-probe gets a segfault

On Thu, May 22, 2008 at 06:52:02AM -0400, Pavel Roskin wrote:
> On Wed, 2008-05-21 at 20:20 -0430, Isaac M. Marcos wrote:
> > Today, I bump on this problem again on updating kernel. Because of this fault,
> > update-initramfs reports a failure. It can't find "/".
> >
> > grub-probe -t device / --> segfault!!
>
> This patch should help. It checks for the buffer overrun. I still feel
> uneasy about applying it because it hides a bigger problem.

The constraints are a bit unusual here. We don't have a handler for
exceptions, so this error could mean your machine stops booting. And
additionally this code is in fact run in situations where LVM might not be
used (e.g. grub-probe is probing something in an unrelated partition). In
both cases IMHO it's much more desirable to avoid the problem and accept the
lesser evil that our LVM code might not be as complete, but at least it's
robust.
So I'd recommend to get this patch in. If that makes you feel better about
this, how about adding a warning message in this fail condition? (though,
note we have many fail conditions like this one in that function, and these
don't have any warning atm).

> diff --git a/disk/lvm.c b/disk/lvm.c > index 1d898ff..997d15c 100644 > --- a/disk/lvm.c > +++ b/disk/lvm.c > @@ -302,9 +302,12 @@ grub_lvm_scan_device (const char *name) > rlocn = mdah->raw_locns; > p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset); > > - while (*q != ' ') > + while (*q != ' ' && q < metadatabuf + mda_size) > q++; > > + if (q == metadatabuf + mda_size) > + goto fail2; > + > vgname_len = q - p; > vgname = grub_malloc (vgname_len + 1); > if (!vgname)

-- 
Robert Millan

I know my rights; I want my phone call!
What good is a phone call… if you are unable to speak?
(as seen on /.)
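
Review bot: In the new loop condition `*q != ' ' && q < metadatabuf + mda_size`, `*q` is read before the bound is tested, so when no space is found the final evaluation still dereferences the byte at `metadatabuf + mda_size`; test the bound first, as in `while (q < metadatabuf + mda_size && *q != ' ')`. The starting point `metadatabuf + grub_le_to_cpu64 (rlocn->offset)` is also not checked against `mda_size`, so an offset beyond the end skips the loop and passes the `q == metadatabuf + mda_size` test; validating the offset before use, or testing `q >= metadatabuf + mda_size`, would route that case to `fail2` as well.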