[PATCH] fix off-by-one in grub_file

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] fix off-by-one in grub_file_getline

From:	Christer Weinigel
Subject:	[PATCH] fix off-by-one in grub_file_getline
Date:	Thu, 31 May 2012 13:43:29 +0200 (CEST)

I'd like to submit a few trivial patches that I've had on my hard
drive for a while.  This patch is against the latest version in the
trunk on bzr.savannah.gnu.org.

If grub_file_getline tries to read a line which is exactly
64 bytes long it will write the terminating zero past the
end of the allocated buffer causing memory corruption.

Trivial fix which reserves one more byte in the buffer.

diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index feeb1ef..eb4b1c7 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -65,7 +65,7 @@ grub_file_getline (grub_file_t file)
        continue;
 
 
-      if (pos >= max_len)
+      if (pos + 1 >= max_len)
        {
          char *old_cmdline = cmdline;
          max_len = max_len * 2;

-- 
Have laptop, will travel.  I'm a consultant looking for interesting
jobs anywhere in the world.  I'm an experienced software engineer with
a solid understanding of hardware.  Specialities: Linux, device
drivers and embedded systems in general.  Find me at www.weinigel.se.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] fix off-by-one in grub_file_getline, Christer Weinigel <=
- Re: [PATCH] fix off-by-one in grub_file_getline, Vladimir 'φ-coder/phcoder' Serbinenko, 2012/05/31

Prev by Date: Re: EHCI driver
Next by Date: Re: [PATCH] fix off-by-one in grub_file_getline
Previous by thread: [PATCH] correct definition of GRUB_EHCI_MULT_ONE, TWO and THREE
Next by thread: Re: [PATCH] fix off-by-one in grub_file_getline
Index(es):
- Date
- Thread