[bug #46164] UFS sparse file memset

bug-grub

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #46164] UFS sparse file memset

From:	Alexander Bluhm
Subject:	[bug #46164] UFS sparse file memset
Date:	Fri, 09 Oct 2015 11:17:20 +0000
User-agent:	Mozilla/5.0 (X11; OpenBSD amd64; rv:41.0) Gecko/20100101 Firefox/41.0

URL:
  <http://savannah.gnu.org/bugs/?46164>

                 Summary: UFS sparse file memset
                 Project: GNU GRUB
            Submitted by: bluhm
            Submitted on: Fri 09 Oct 2015 11:17:18 AM GMT
                Category: Filesystem
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: Git master
         Reproducibility: Every Time
         Planned Release: None

    _______________________________________________________

Details:

When creating a sparse file, that is a file with 0 not written to
disk, on an OpenBSD FFS file system, GRUB does not read it correctly.

The UFS code in GRUB is responsible for reading FFS file systems,
it can handle sparse files, but has a bug there.  The second
and third parameters for memset() are exchanged.

It is defined as
void *grub_memset (void *s, int c, grub_size_t len)
but called as
grub_memset (buf, UFS_BLKSZ (sblock) - skipfirst, 0)

Also the length of the buffer is not checked, so the last block
could cause an overflow.  The blockend variable seems to contain
the correct length already.

I have found the bug and tested the fix with OpenBSD and GRUB 2.
The git master has the same code.

Alexander Bluhm

--- a/contrib/grub2/grub-core/fs/ufs.c
+++ b/contrib/grub2/grub-core/fs/ufs.c
@@ -394,7 +394,7 @@ grub_ufs_read_file (struct grub_ufs_data *data,
            return -1;
        }
       else
-       grub_memset (buf, UFS_BLKSZ (sblock) - skipfirst, 0);
+       grub_memset (buf, 0, blockend);
 
       buf += UFS_BLKSZ (sblock) - skipfirst;
     }




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Fri 09 Oct 2015 11:17:18 AM GMT  Name: grub.diff  Size: 324B   By: bluhm
Patch ufs.c
<http://savannah.gnu.org/bugs/download.php?file_id=35122>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?46164>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #46164] UFS sparse file memset, Alexander Bluhm <=
- [bug #46164] UFS sparse file memset, Vladimir Serbinenko, 2015/10/09

Prev by Date: [bug #46135] Enter key does not work on Grub console if keymap is changed
Next by Date: [bug #46164] UFS sparse file memset
Previous by thread: [bug #46135] Enter key does not work on Grub console if keymap is changed
Next by thread: [bug #46164] UFS sparse file memset
Index(es):
- Date
- Thread