[syslinux:master] gfxboot: fix buffer overrun when loading kernel/initramfs
syslinux-bot for Colin Watson
cjwatson at ubuntu.com
Wed Oct 20 13:42:36 PDT 2010
Commit-ID: 778fcea7d4e3e2a595df0a18475d83d008216117
Gitweb: http://syslinux.zytor.com/commit/778fcea7d4e3e2a595df0a18475d83d008216117
Author: Colin Watson <cjwatson at ubuntu.com>
AuthorDate: Wed, 20 Oct 2010 21:23:02 +0200
Committer: Sebastian Herbszt <herbszt at gmx.de>
CommitDate: Wed, 20 Oct 2010 21:25:38 +0200
gfxboot: fix buffer overrun when loading kernel/initramfs
If the file size wasn't a multiple of 64KB, we could overwrite the next
entry in the malloc arena so reading the initramfs would fail.
Signed-off-by: Colin Watson <cjwatson at ubuntu.com>
Signed-off-by: Sebastian Herbszt <herbszt at gmx.de>
---
com32/gfxboot/gfxboot.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/com32/gfxboot/gfxboot.c b/com32/gfxboot/gfxboot.c
index 3b09e74..2323f8e 100644
--- a/com32/gfxboot/gfxboot.c
+++ b/com32/gfxboot/gfxboot.c
@@ -21,6 +21,7 @@
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <minmax.h>
#include <syslinux/loadfile.h>
#include <syslinux/config.h>
@@ -770,7 +771,7 @@ void *load_one(char *file, ssize_t *file_size)
if(size) {
buf = malloc(size);
for(i = 1, cur = 0 ; cur < size && i > 0; cur += i) {
- i = save_read(fd, buf + cur, CHUNK_SIZE);
+ i = save_read(fd, buf + cur, min(CHUNK_SIZE, size - cur));
if(i == -1) break;
gfx_progress_update(i);
}
More information about the Syslinux-commits
mailing list