3027 installgrub can segfault when encountering bogus data on disk
@@ -401,11 +401,11 @@
device_path);
retval = BC_NOEINFO;
goto out_dev;
}
- einfo = find_einfo(stage2->extra);
+ einfo = find_einfo(stage2->extra, stage2->extra_size);
if (einfo == NULL) {
retval = BC_NOEINFO;
(void) fprintf(stderr, gettext("No extended information "
"found\n"));
goto out_dev;
@@ -499,11 +499,11 @@
"stage2\n", curr_device->path);
retval = BC_NOEXTRA;
goto out_devs;
}
- einfo_curr = find_einfo(stage2_curr->extra);
+ einfo_curr = find_einfo(stage2_curr->extra, stage2_curr->extra_size);
if (einfo_curr != NULL)
updt_str = einfo_get_string(einfo_curr);
write_mbr = B_TRUE;
force_mbr = B_TRUE;
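Review bot: `einfo_get_string(einfo_curr)` still receives only the header pointer, so the length now passed to `find_einfo()` protects the string read only if `find_einfo()` also checks the header's string offset and size against `extra_size` before returning non-NULL. Neither function body is visible in this diff, so that should be confirmed against the full change. If it holds, a comment above the call would record the dependency, e.g. `/* find_einfo() validated the string bounds against extra_size */`. The enclosing function starts and ends outside the hunk.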
@@ -1219,10 +1219,11 @@
stage2->file = stage2->buf;
stage2->file_size = size;
stage2->mboot_off = mboot_off;
stage2->mboot = (multiboot_header_t *)(stage2->buf + stage2->mboot_off);
stage2->extra = stage2->buf + P2ROUNDUP(stage2->file_size, 8);
+ stage2->extra_size = stage2->buf_size - P2ROUNDUP(stage2->file_size, 8);
return (BC_SUCCESS);
}
static boolean_t
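Review bot: The added `extra_size` subtraction assumes `P2ROUNDUP(stage2->file_size, 8)` never exceeds `stage2->buf_size`. If `file_size` is derived from on-disk data and these fields are unsigned, a bogus value would wrap to a very large `extra_size`, and the bound handed to `find_einfo()` would no longer limit the scan; `stage2->extra` would also point past the buffer. How `size` and `buf_size` are computed lies above the hunk, so this may already be guaranteed, but a guard before the two assignments would make it explicit: `if (P2ROUNDUP(stage2->file_size, 8) > stage2->buf_size) return (BC_NOEXTRA);`. The function starts outside the hunk.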
@@ -1249,11 +1250,11 @@
/*
* Look for the extended information structure in the extra payload
* area.
*/
- einfo = find_einfo(stage2_disk.extra);
+ einfo = find_einfo(stage2_disk.extra, stage2_disk.extra_size);
if (einfo == NULL) {
BOOT_DEBUG("No extended information available\n");
return (B_TRUE);
}