* [PATCH] fix off-by-one in grub_file_getline
@ 2012-05-31 11:43 Christer Weinigel
2012-05-31 12:35 ` Vladimir 'φ-coder/phcoder' Serbinenko
0 siblings, 1 reply; 2+ messages in thread
From: Christer Weinigel @ 2012-05-31 11:43 UTC (permalink / raw)
To: grub-devel
I'd like to submit a few trivial patches that I've had on my hard
drive for a while. This patch is against the latest version in the
trunk on bzr.savannah.gnu.org.
If grub_file_getline tries to read a line which is exactly
64 bytes long it will write the terminating zero past the
end of the allocated buffer causing memory corruption.
Trivial fix which reserves one more byte in the buffer.
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index feeb1ef..eb4b1c7 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -65,7 +65,7 @@ grub_file_getline (grub_file_t file)
continue;
- if (pos >= max_len)
+ if (pos + 1 >= max_len)
{
char *old_cmdline = cmdline;
max_len = max_len * 2;
--
Have laptop, will travel. I'm a consultant looking for interesting
jobs anywhere in the world. I'm an experienced software engineer with
a solid understanding of hardware. Specialities: Linux, device
drivers and embedded systems in general. Find me at www.weinigel.se.
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] fix off-by-one in grub_file_getline
2012-05-31 11:43 [PATCH] fix off-by-one in grub_file_getline Christer Weinigel
@ 2012-05-31 12:35 ` Vladimir 'φ-coder/phcoder' Serbinenko
0 siblings, 0 replies; 2+ messages in thread
From: Vladimir 'φ-coder/phcoder' Serbinenko @ 2012-05-31 12:35 UTC (permalink / raw)
To: The development of GNU GRUB
[-- Attachment #1: Type: text/plain, Size: 990 bytes --]
Committed, thanks. Could you supply ChangeLog entry next time?
On 31.05.2012 13:43, Christer Weinigel wrote:
> I'd like to submit a few trivial patches that I've had on my hard
> drive for a while. This patch is against the latest version in the
> trunk on bzr.savannah.gnu.org.
>
> If grub_file_getline tries to read a line which is exactly
> 64 bytes long it will write the terminating zero past the
> end of the allocated buffer causing memory corruption.
>
> Trivial fix which reserves one more byte in the buffer.
>
> diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
> index feeb1ef..eb4b1c7 100644
> --- a/grub-core/normal/main.c
> +++ b/grub-core/normal/main.c
> @@ -65,7 +65,7 @@ grub_file_getline (grub_file_t file)
> continue;
>
>
> - if (pos >= max_len)
> + if (pos + 1 >= max_len)
> {
> char *old_cmdline = cmdline;
> max_len = max_len * 2;
>
--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 294 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-05-31 12:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-05-31 11:43 [PATCH] fix off-by-one in grub_file_getline Christer Weinigel
2012-05-31 12:35 ` Vladimir 'φ-coder/phcoder' Serbinenko
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.