Message-ID: <522FC0BE.5020807@gmail.com>
Date: Wed, 11 Sep 2013 03:00:46 +0200
From: Vladimir 'φ-coder/phcoder' Serbinenko
To: The development of GNU GRUB
Subject: Re: calculation overflow in grub_mm_init_region (patch)
References: <20130829172603.GP18151@rocoto.smurfnet.nu> <20130910121333.GA2737@rocoto.smurfnet.nu>
In-Reply-To: <20130910121333.GA2737@rocoto.smurfnet.nu>

> for (*r =3D grub_mm_base; *r; *r =3D (*r)->next) > - if ((grub_addr_t) ptr > (grub_addr_t) ((*r) + 1) > - && (grub_addr_t) ptr <=3D (grub_addr_t) ((*r) + 1) + (*r)->size= ) > - break; > + { > + grub_addr_t region_start =3D (grub_addr_t) ((*r) + 1); > + grub_addr_t region_end =3D (grub_addr_t) ((*r) + 1) + (*r)->size= ; > + > + if (block_start > region_start) > + if ((block_start <=3D region_end) || (region_end =3D=3D 0)) > + break; > + }

This fix looks correct, but as indicated by us not having discovered this bug earlier, this is a very unusual case and it's difficult to ensure that a similar bug doesn't pop up in another place or that we don't suffer a regression. I'd prefer to exclude the top 4K of addressable memory from the heap as a safety measure. Are you ok with this approach?
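
Review bot: in the added lines, the `region_end` zero test covers only a sum that wraps to exactly zero, and nothing in the hunk says why zero is special. Once `block_start > region_start` holds, comparing the offset against the size, `block_start - region_start <= (*r)->size`, cannot wrap and needs no special case; failing that, a comment on the zero test stating that `region_end` wraps when the region ends at the top of the address space would help the next reader. `block_start` replaces `(grub_addr_t) ptr` here, but its declaration is not among the quoted lines, so it should be confirmed to hold the same value. The nested `if` pair would also read more clearly as a single condition joined with `&&`.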