
Re: GRUB has a problem with a big grub.cfg

From: Bean
Subject: Re: GRUB has a problem with a big grub.cfg
Date: Tue, 29 Jul 2008 19:48:35 +0800

On Mon, Jul 28, 2008 at 6:12 PM, Felix Zielcke <address@hidden> wrote:
> GRUB 2 has a problem with many kernel entries in grub.cfg
> This works fine for me with grub-emu but not real GRUB
> I reproduced this now in qemu 0.9.1-5 from debian unstable
> Attached is the floppy image I used and the kernel entries I added to the
> insmod lines generated by grub-mkrescue
> Welcome to GRUB!
> free magic is broken at 0x7f17a00: 0x3d616776
> I tried to find out how big grub.cfg exactly must be for it to fail, but
> I couldn't
> I deleted the entries in little chunks and then after GRUB loaded the
> menu fine I added again some, but it kept displaying the menu fine with
> the new entries added.
> So something in GRUB's memory management seems to be a bit broken with a
> big grub.cfg
> But I still wonder why you need that many kernels and now with testing
> in qemu I noticed that the reporter has the exact same menuentries more
> than once in grub.cfg


I have found the bug; it's caused by a buffer overflow. In get_line
(normal/main.c), if the string length is a multiple of 64, the ending \0
will overflow the buffer. This patch fixes the problem:

diff --git a/normal/main.c b/normal/main.c
index e5458fc..70f2f1d 100644
--- a/normal/main.c
+++ b/normal/main.c
@@ -97,9 +97,6 @@ get_line (grub_file_t file)
-         if (c == '\n')
-           break;
          if (pos >= max_len)
              char *old_cmdline = cmdline;
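Review bot: the removed `if (c == '\n') break;` at the top of this hunk sat before the `if (pos >= max_len)` grow check, so a line whose length is an exact multiple of the buffer size left the loop with `pos == max_len`, and the terminating \0 written after the loop (the overflow described in the message) landed one byte past the allocation; moving the break after the grow check is the right fix, but a one-line comment above `if (pos >= max_len)` stating that the grow step must run before any exit from the loop would keep the ordering from being undone later. The hunk header advertises 9 original lines and only 4 are reproduced here (the body of the `if` is cut off before its opening brace), so the complete patch should be attached for review.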
@@ -112,6 +109,9 @@ get_line (grub_file_t file)

+         if (c == '\n')
+           break;
          cmdline[pos++] = c;
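Review bot: with `if (c == '\n') break;` now placed between the grow step and `cmdline[pos++] = c;`, the buffer is guaranteed a free slot for the terminating \0 whenever the loop leaves on a newline, and the newline itself is still not stored, as before. The patch shows only the newline exit; please confirm that the end-of-file exit from the same loop also passes through the grow check (or is followed by one), otherwise a final line without a trailing newline whose length is a multiple of 64 hits the same one-byte overflow.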


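The off-by-one Bean describes, as an added illustration that is not code from GRUB or from the thread: a constructed model of the get_line() loop with a 64-byte initial buffer that doubles when full, run with the newline check before the grow step (original order) and after it (patched order), reporting whether the terminating \0 lands inside the buffer. The buffer size 64, the doubling growth and the function names are assumptions of the model.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of the get_line() loop discussed in the thread (not
 * GRUB's code). The buffer is assumed to start at 64 bytes and to double
 * whenever pos reaches max_len; input is assumed to end in '\n', so the
 * real function's end-of-file exit is not modelled. */
#define CHUNK 64

/* Walks one newline-terminated line. With fixed == 0 the '\n' check runs
 * before the grow step (original order); with fixed != 0 it runs after
 * (patched order). Returns the index where the terminating NUL would be
 * written and stores the buffer capacity at that moment in *cap_out. */
static size_t model_get_line(const char *src, int fixed, size_t *cap_out)
{
    size_t max_len = CHUNK;
    size_t pos = 0;
    const char *p = src;
    for (;;) {
        char c = *p++;
        if (c == '\0')            /* end of constructed input */
            break;
        if (!fixed && c == '\n')  /* original order: break before growing */
            break;
        if (pos >= max_len)       /* grow step: cmdline is reallocated here */
            max_len *= 2;
        if (fixed && c == '\n')   /* patched order: break after growing */
            break;
        pos++;                    /* stands for cmdline[pos++] = c; */
    }
    *cap_out = max_len;
    return pos;                   /* cmdline[pos] = '\0' happens here */
}

/* 1 if the terminating NUL would be written one past the end of the
 * buffer, 0 if it stays in bounds. */
int nul_overflows(const char *line, int fixed)
{
    size_t cap;
    size_t idx = model_get_line(line, fixed, &cap);
    return idx >= cap;
}

/* Builds a line of n identical bytes plus '\n' and checks it; -1 on
 * allocation failure. */
int line_of_length_overflows(size_t n, int fixed)
{
    char *line = malloc(n + 2);
    int result;
    if (!line)
        return -1;
    memset(line, 'a', n);
    line[n] = '\n';
    line[n + 1] = '\0';
    result = nul_overflows(line, fixed);
    free(line);
    return result;
}
```

Only lengths that are exact multiples of 64 (64, 128, ...) overflow with the original ordering, which matches why shrinking and regrowing grub.cfg in small steps did not reproduce the crash reliably.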