Date: Sun, 21 Sep 2014 10:39:40 +0400
From: Andrei Borzenkov
To: The development of GNU GRUB
Subject: Re: [PATCH] Initialized initrd_ctx so we don't free a random pointer from the stack.
Message-ID: <20140921103940.6d9858e4@opensuse.site>
In-Reply-To: <1410985811-17520-1-git-send-email-pjones@redhat.com>
References: <1410985811-17520-1-git-send-email-pjones@redhat.com>

On Wed, 17 Sep 2014 16:30:11 -0400 Peter Jones writes:
> Currently, if "linux" fails, the "goto fail;" in grub_cmd_initrd sends us
> into grub_initrd_close() without grub_initrd_init() being called, and thus
> it never clears initrd_ctx->components. grub_initrd_close() then frees that
> address, which is stale data from the stack. If the stack happens to have a
> stale *address* there that matches a recent allocation, then you'll get a
> double free later.
>
> So initialize the memory up front.
>

Pushed.
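The stale-pointer path the quoted commit message describes, as an added C example that is not GRUB's code: `cmd_initrd`, `initrd_init`, `initrd_close` and `struct initrd_ctx` are hypothetical stand-ins for grub_cmd_initrd, grub_initrd_init, grub_initrd_close and the real context struct, and a small allocation tracker (also added here) counts a free of a non-live address instead of handing it to free(), so the buggy variant's double free is observable and the zero-up-front fix can be checked against it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct initrd_ctx { void *components; };   /* stand-in for GRUB's context struct */
/* Allocation tracker: a free of an address that is not live is counted instead of
 * being handed to free(), so the stale/double free is observable rather than UB. */
static uintptr_t live[8];
static int bad_frees;
static void *tracked_alloc(size_t n)
{
    void *p = malloc(n);
    for (int i = 0; i < 8; i++)
        if (live[i] == 0) { live[i] = (uintptr_t)p; return p; }
    free(p);
    return NULL;
}
static void tracked_free(void *p)
{
    if (p == NULL) return;                     /* free(NULL) is a harmless no-op */
    for (int i = 0; i < 8; i++)
        if (live[i] == (uintptr_t)p) { live[i] = 0; free(p); return; }
    bad_frees++;                               /* stale or already-freed pointer */
}
static void initrd_init(struct initrd_ctx *c)  { c->components = tracked_alloc(64); }
static void initrd_close(struct initrd_ctx *c) { tracked_free(c->components); c->components = NULL; }

/* Hypothetical grub_cmd_initrd. 'residue' stands in for whatever stale pointer the
 * uninitialised stack slot holds when "linux" has failed and init is skipped. */
static int cmd_initrd(int fail_before_init, int init_up_front, void *residue)
{
    struct initrd_ctx ctx;
    if (init_up_front) memset(&ctx, 0, sizeof(ctx));  /* the fix: zero up front */
    else ctx.components = residue;                    /* models stack garbage */
    if (fail_before_init) goto fail;
    initrd_init(&ctx);
fail:
    initrd_close(&ctx);
    return bad_frees;
}

/* Replays the scenario: a recent allocation is freed, its address lingers on the
 * stack, then the early-failure path frees it again. Returns the bad-free count. */
int run_scenario(int init_up_front)
{
    struct initrd_ctx earlier;
    bad_frees = 0;
    memset(live, 0, sizeof(live));
    initrd_init(&earlier);
    void *stale = earlier.components;  /* address of the "recent allocation" */
    initrd_close(&earlier);            /* legitimately freed; now a stale address */
    return cmd_initrd(1, init_up_front, stale);   /* 1 when buggy, 0 with the fix */
}
```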