Re: [PATCH] fix memory corruption issues in grub_vbe_bios_getset_dac

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] fix memory corruption issues in grub_vbe_bios_getset_dac_pal

From:	Robert Millan
Subject:	Re: [PATCH] fix memory corruption issues in grub_vbe_bios_getset_dac_palette()
Date:	Sat, 12 Sep 2009 15:06:14 +0200
User-agent:	Mutt/1.5.18 (2008-05-17)

Committed.  Btw, revision of the existing code in this function still
welcome (not all memory corruption bugs associated with it are fixed).

On Thu, Sep 10, 2009 at 09:48:16PM +0200, Robert Millan wrote:
> 
> These were spotted by Colin Watson.  Unfortunately, users report that it
> doesn't fix the problem for them.  But the fix almost certainly looks good,
> so I'm inclined to commit it.
> 
> I'd appreciate if more people can review this code (my proposed changes and
> the function as a whole).  I can't see any other vector that could introduce
> corruption, other than the VBE interrupt routine itself.
> 
> -- 
> Robert Millan
> 
>   The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
>   how) you may access your data; but nobody's threatening your freedom: we
>   still allow you to remove your data and not access it at all."

> 2009-09-10  Robert Millan  <address@hidden>
> 
>       Fix memory corruption issue (spotted by Colin Watson).
> 
>       * kern/i386/pc/startup.S (grub_vbe_bios_getset_dac_palette): Fix bug
>       causing returned size to be stored in an incorrect memory location.
>       Fix use of uninitialized value when storing the returned size.
> 
> Index: kern/i386/pc/startup.S
> ===================================================================
> --- kern/i386/pc/startup.S    (revision 2583)
> +++ kern/i386/pc/startup.S    (working copy)
> @@ -1761,18 +1761,18 @@ FUNCTION(grub_vbe_bios_getset_dac_palett
>       movw    $0x4f08, %ax
>       int     $0x10
>  
> -     movw    %ax, %dx        /* real_to_prot destroys %eax.  */
> +     movw    %ax, %cx        /* real_to_prot destroys %eax.  */
>  
>       DATA32 call     real_to_prot
>       .code32
>  
>       /* Move result back to *dac_mask_size.  */
> +     xorl    %eax, %eax
>       movb    %bh, %al
>       movl    %eax, (%edx)
>  
>       /* Return value in %eax.  */
> -     xorl    %eax, %eax
> -     movw    %dx, %ax
> +     movw    %cx, %ax
>  
>       popl    %ebx
>       popl    %ebp

> _______________________________________________
> Grub-devel mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/grub-devel


-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] fix memory corruption issues in grub_vbe_bios_getset_dac_palette(), Robert Millan, 2009/09/10
- Re: [PATCH] fix memory corruption issues in grub_vbe_bios_getset_dac_palette(), Robert Millan <=

Prev by Date: Re: grub-mkconfig fails on every non i386-pc because of gfxterm/vbe
Next by Date: Re: [PATCH] move DAC register setting to linux.c
Previous by thread: [PATCH] fix memory corruption issues in grub_vbe_bios_getset_dac_palette()
Next by thread: [PATCH] loopback vs. 'set root='
Index(es):
- Date
- Thread