bug-grub

From: Tony Battersby
Subject: [bug #60458] grub 2.06 reboots immediately when compiled with -O2 (bisected)
Date: Mon, 26 Apr 2021 14:38:16 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0

URL:
  <https://savannah.gnu.org/bugs/?60458>

                 Summary: grub 2.06 reboots immediately when compiled with -O2 (bisected)
                 Project: GNU GRUB
            Submitted by: cybertony
            Submitted on: Mon 26 Apr 2021 06:38:14 PM UTC
                Category: Booting
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
                 Release: 
                 Release: Git master
         Discussion Lock: Any
         Reproducibility: Every Time
         Planned Release: None

    _______________________________________________________

Details:

When grub-2.06-rc1 is compiled with -O2 instead of the default -Os, it reboots
immediately instead of showing the menu, leading to an endless reboot loop.  I
am using x86-64 legacy BIOS mode (no EFI) on a variety of motherboards and
CPUs.  I have bisected the problem down to the following commit:

commit 4ea7bae51f97e49c84dc67ea30b466ca8633b9f6
Author: Chris Coulson <chris.coulson@canonical.com>
Date:   Thu Jan 7 19:21:03 2021 +0000

    kern/parser: Fix a stack buffer overflow
    
    grub_parser_split_cmdline() expands variable names present in the supplied
    command line in to their corresponding variable contents and uses a 1 kiB
    stack buffer for temporary storage without sufficient bounds checking. If
    the function is called with a command line that references a variable with
    a sufficiently large payload, it is possible to overflow the stack
    buffer via tab completion, corrupt the stack frame and potentially
    control execution.
    
    Fixes: CVE-2020-27749
    
    Reported-by: Chris Coulson <chris.coulson@canonical.com>
    Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
    Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Reverting that commit fixes the problem.

I noticed this problem after upgrading to the just-released Yocto 3.3
Hardknott.  Yocto has "-O2" in the default CFLAGS, which is how I encountered
this problem (I don't actually care about the grub optimization level).  I
verified that the same problem exists if I compile grub 2.06-rc1 on Ubuntu
20.04 with CFLAGS="-O2" outside of Yocto.  Although I can fix the problem by
telling Yocto to use -Os instead of -O2, I figured that this issue might point
to a bug in the code that is worth reporting and fixing.

Yocto 3.3 has gcc 10.2
Ubuntu 20.04 has gcc 9.3




    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?60458>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
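
The bug class named in the bisected commit's message (variable expansion into a fixed 1 KiB buffer without sufficient bounds checking), shown as an added example that is not GRUB's code and not part of the original report: an expander that checks the remaining space before every copy and fails instead of writing past the buffer. `expand_vars`, `lookup`, `big_value` and the sample variables are hypothetical names constructed for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 1024           /* the 1 KiB size named in the commit message */
static char big_value[2000];    /* constructed oversized variable payload */

/* Hypothetical variable store, constructed for this example. */
static const char *lookup(const char *name, size_t len)
{
    if (len == 4 && memcmp(name, "root", 4) == 0)
        return "hd0,msdos1";
    if (len == 3 && memcmp(name, "big", 3) == 0) {
        memset(big_value, 'A', sizeof(big_value) - 1);  /* last byte stays NUL */
        return big_value;
    }
    return "";                  /* unset variables expand to nothing */
}

/* Expand $name references in cmd into out[cap]. Returns 0 on success, -1 if
   the result does not fit. out is NUL-terminated and never written past cap. */
int expand_vars(const char *cmd, char *out, size_t cap)
{
    size_t pos = 0;
    if (cap == 0)
        return -1;
    while (*cmd) {
        const char *src = cmd;  /* default: copy one literal character */
        size_t n = 1;
        if (*cmd == '$') {
            const char *name = ++cmd;
            while (isalnum((unsigned char)*cmd) || *cmd == '_')
                cmd++;
            src = lookup(name, (size_t)(cmd - name));
            n = strlen(src);
        } else {
            cmd++;
        }
        if (n >= cap - pos) {   /* check before the copy; keep room for NUL */
            out[pos] = '\0';
            return -1;
        }
        memcpy(out + pos, src, n);
        pos += n;
    }
    out[pos] = '\0';
    return 0;
}
```

The length check runs on the expanded value rather than on the command line as typed, which is the distinction the commit message draws: a short command line can reference a variable with a large payload.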



