From: Ram Pai
To: grub-devel@gnu.org
Cc: tonyb@au1.ibm.com, anton@au1.ibm.com, linuxram@us.ibm.com, tlfalcon@linux.vnet.ibm.com, tbberry@us.ibm.com
Subject: [RFC PATCH 22/23] fix segfaults if initrd
Date: Wed, 26 Feb 2014 10:31:21 -0800
Message-Id: <1393439482-20341-23-git-send-email-linuxram@us.ibm.com>
In-Reply-To: <1393439482-20341-1-git-send-email-linuxram@us.ibm.com>
References: <1393439482-20341-1-git-send-email-linuxram@us.ibm.com>
List-Id: The development of GNU GRUB

grub segfaults if initrd is specified before specifying the kernel.
The problem is the initrd module sees that kernel is not specified and
takes the fail path. In the fail path it checks if anything has been
malloc'ed. Unfortunately the variable that it looks to check for is an
uninitialized stack variable. The stack variable can incorrectly indicate
something is malloc'ed, which leads the module to free some unallocated
memory.

This patch fixes the problem by initializing the stack variable.

Signed-off-by: Ram Pai
---
 grub-core/loader/powerpc/ieee1275/linux.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/grub-core/loader/powerpc/ieee1275/linux.c b/grub-core/loader/powerpc/ieee1275/linux.c
index 3d6a61e..7f85eab 100644
--- a/grub-core/loader/powerpc/ieee1275/linux.c
+++ b/grub-core/loader/powerpc/ieee1275/linux.c
@@ -335,6 +335,10 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), grub_addr_t addr; struct grub_linux_initrd_context initrd_ctx; + // initialize, otherwise the fail path will try to + // free up data and segfault + initrd_ctx.components = NULL; + if (argc == 0) { grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -- 1.8.5.3
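Review bot: initializing only `initrd_ctx.components` leaves every other member of `initrd_ctx` indeterminate on the same fail path, so the fix holds only as long as the cleanup code never touches another field. Since the declaration `struct grub_linux_initrd_context initrd_ctx;` is right there in the hunk, a zero-initializer at the declaration (`struct grub_linux_initrd_context initrd_ctx = { 0 };`) or a `grub_memset` over the whole struct would cover all members at once and not need to be kept in sync with later changes to the fail path. Two smaller points: the `//` comment should be a `/* ... */` block comment, which is the style the GNU coding standards GRUB follows call for; and the placement before `if (argc == 0)` is right only because that is the first early exit, so the comment should say that the assignment must precede every jump to the fail path rather than just "otherwise the fail path will try to free up data". Separately, the subject "fix segfaults if initrd" reads cut off; the body's "if initrd is specified before the kernel" would make a clearer one-line summary.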
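The bug described in the commit message is the general "one cleanup label, many early exits" hazard: any pointer the cleanup frees must be in a defined state before the first jump to it. The following is an added illustration, not GRUB code; `struct initrd_context`, `cmd_initrd`, `initrd_close`, the `kernel_loaded` flag and the error codes are all constructed for this example. It shows the robust form of the fix the patch makes: zero-initialize the whole context at its declaration and write the cleanup so it is a no-op on a zeroed context, so every exit (no arguments, kernel not loaded, allocation failure mid-loop) is safe.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed loader context with one heap-owned member, shaped like the
   bug in the patch: a pointer that the fail path frees. */
struct initrd_context
{
  char **components;   /* owned array of file names, or NULL */
  int nfiles;          /* number of valid entries in components */
};

enum
{
  ERR_NONE = 0,
  ERR_BAD_ARGUMENT = 1,   /* no file names given */
  ERR_NO_KERNEL = 2,      /* initrd given before a kernel was loaded */
  ERR_OUT_OF_MEMORY = 3
};

/* Stand-in for GRUB's "kernel already loaded" state (assumption for the demo). */
static int kernel_loaded = 0;

void
set_kernel_loaded (int v)
{
  kernel_loaded = v;
}

/* Release everything the context owns.  free (NULL) is a no-op and nfiles
   is 0 on a zeroed context, so this is safe to reach from any exit. */
static void
initrd_close (struct initrd_context *ctx)
{
  for (int i = 0; i < ctx->nfiles; i++)
    free (ctx->components[i]);
  free (ctx->components);
  ctx->components = NULL;
  ctx->nfiles = 0;
}

/* The whole context is zero-initialized at its declaration, so the single
   cleanup label sees defined values no matter which check jumps to it.
   Initializing only one field (as the patch does) would leave the others
   indeterminate; this covers all of them at once. */
int
cmd_initrd (int argc, char **argv)
{
  struct initrd_context ctx = { 0 };
  int err = ERR_NONE;

  if (argc == 0)
    {
      err = ERR_BAD_ARGUMENT;
      goto fail;
    }
  if (!kernel_loaded)
    {
      err = ERR_NO_KERNEL;
      goto fail;
    }

  ctx.components = calloc ((size_t) argc, sizeof *ctx.components);
  if (ctx.components == NULL)
    {
      err = ERR_OUT_OF_MEMORY;
      goto fail;
    }
  for (int i = 0; i < argc; i++)
    {
      ctx.components[i] = strdup (argv[i]);
      if (ctx.components[i] == NULL)
        {
          err = ERR_OUT_OF_MEMORY;
          goto fail;   /* nfiles counts only entries actually allocated */
        }
      ctx.nfiles++;
    }

  /* ... the real loader would read the files here ... */

fail:
  initrd_close (&ctx);   /* valid from every exit above */
  return err;
}

int
main (void)
{
  char *files[] = { "initrd.img" };
  printf ("no args:       %d\n", cmd_initrd (0, NULL));
  printf ("before kernel: %d\n", cmd_initrd (1, files));
  set_kernel_loaded (1);
  printf ("after kernel:  %d\n", cmd_initrd (1, files));
  return 0;
}
```

Running it under a sanitizer (`-fsanitize=address`) is a useful check for this class of bug: with the `= { 0 }` removed and the `argc == 0` or `!kernel_loaded` branch taken, the sanitizer reports the free of an indeterminate pointer that the original GRUB code hit as a segfault.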