author | Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> | 2024-04-22 08:51:07 +0100
---|---|---
committer | Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> | 2024-04-22 08:51:07 +0100
commit | d1b722d7ee3454364e10eb4ff0c218225c57ebd0 |
tree | be82fbb6ec9f33ee885022c0fb0733dd62d5456a |
parent | d5faa80713d25a8c8d47a3fb4d215d6c96e338ba |
packages/pc-parts.c: fix bug in extended partition logic
When compiled with gcc 12, packages/pc-parts.c generates the following error:
/root/packages/pc-parts.c:243:64: error: array subscript 1 is outside array bounds of 'struct pc_partition[1]' [-Werror=array-bounds]
243 | cur_table = ext_start + __le32_to_cpu(p[1].start_sect);
| ~^~~
/root/include/libc/byteorder.h:12:13: note: in definition of macro '__bswap32'
12 | ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \
| ^
/root/packages/pc-parts.c:243:49: note: in expansion of macro '__le32_to_cpu'
243 | cur_table = ext_start + __le32_to_cpu(p[1].start_sect);
| ^~~~~~~~~~~~~
/root/packages/pc-parts.c:143:13: note: at offset 16 into object of size 16 allocated by 'malloc'
143 | p = malloc(sizeof(struct pc_partition));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [rules.mak:191: target/packages/pc-parts.o] Error 1
make[1]: Leaving directory '/root/obj-ppc'
Upon inspection this appears to be a genuine bug whereby the attempt to access
the second extended partition entry incorrectly accesses the memory beyond the
end of the aligned copy of the first extended partition entry.
Copy the second extended partition entry into the aligned extended partition buffer
and access the values from there to resolve the issue.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
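As an added example, not OpenBIOS code, here is a bounded walk of an MBR extended-partition chain in C over a constructed disk image, done the way the fix reads entries: each 16-byte entry is memcpy'd into one aligned struct and the link entry is fetched from its own offset (0x1ce) instead of indexing past the first entry. The struct layout, helper names and sample image are assumptions; the bounds and cycle checks go beyond the commit and are what a parser of untrusted partition tables wants.

```c
#include <stdint.h>
#include <string.h>
/* Assumed 16-byte MBR/EBR entry: 8 bytes of flag/CHS/type, then two little-endian u32. */
struct pc_partition {
    uint8_t boot, s_head, s_sec, s_cyl, type, e_head, e_sec, e_cyl;
    uint32_t start_sect, nr_sects;   /* start_sect is relative to the sector holding its table */
};
_Static_assert(sizeof(struct pc_partition) == 16, "entry must be 16 bytes, no padding");
enum { SECTOR = 512, TABLE_OFF = 0x1be };  /* entry 1 at 0x1be; entry 2 at 0x1be + 16 = 0x1ce */
static int is_pc_extended_part(uint8_t t) { return t == 0x05 || t == 0x0f || t == 0x85; }
static uint32_t le32_to_cpu(uint32_t raw) {              /* raw carries the on-disk bytes */
    uint8_t b[4]; memcpy(b, &raw, 4);
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}
/* Walk the EBR chain from ext_start: each entry is memcpy'd into one aligned struct, as the fix
 * does, and the link is read from its own offset, never as p[1]. Returns the number of logical
 * partitions (absolute starts in starts[]) or -1 for an off-image table or a backward link. */
static int walk_extended(const uint8_t *disk, size_t disk_len, uint32_t ext_start,
                         uint32_t *starts, int max)
{
    struct pc_partition p; uint32_t cur = ext_start; int n = 0;
    while (n < max) {
        if ((size_t)cur * SECTOR + SECTOR > disk_len) return -1;  /* table beyond the image */
        const uint8_t *buf = disk + (size_t)cur * SECTOR;
        if (buf[510] != 0x55 || buf[511] != 0xaa) return -1;      /* missing 0xaa55 signature */
        memcpy(&p, buf + TABLE_OFF, sizeof p);                    /* entry 1: the logical partition */
        starts[n++] = cur + le32_to_cpu(p.start_sect);
        memcpy(&p, buf + TABLE_OFF + sizeof p, sizeof p);         /* entry 2: link to the next EBR */
        if (!is_pc_extended_part(p.type)) break;                  /* no link: end of the chain */
        uint32_t next = ext_start + le32_to_cpu(p.start_sect);
        if (next <= cur) return -1;                               /* backward link: a cycle */
        cur = next;
    }
    return n;
}
/* Constructed sample image: MBR -> EBR at sector 2 -> EBR at sector 6, two logical partitions. */
static void put_entry(uint8_t *sec, int idx, uint8_t type, uint32_t start) {
    uint8_t *e = sec + TABLE_OFF + idx * 16;
    e[4] = type; e[8] = start; e[9] = start >> 8; e[10] = start >> 16; e[11] = start >> 24;
    sec[510] = 0x55; sec[511] = 0xaa;
}
static uint32_t demo_starts[4];
static int demo(int max) {                     /* returns walk_extended's result for the sample */
    uint8_t disk[16 * SECTOR] = {0};
    put_entry(disk, 0, 0x05, 2);               /* MBR: extended container starts at sector 2 */
    put_entry(disk + 2 * SECTOR, 0, 0x83, 1);  /* EBR#1: logical partition at 2 + 1 = 3 */
    put_entry(disk + 2 * SECTOR, 1, 0x05, 4);  /* EBR#1 link: next EBR at ext_start + 4 = 6 */
    put_entry(disk + 6 * SECTOR, 0, 0x83, 1);  /* EBR#2: logical at 6 + 1 = 7, no link entry */
    return walk_extended(disk, sizeof disk, 2, demo_starts, max);
}
```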
-rw-r--r-- | packages/pc-parts.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/packages/pc-parts.c b/packages/pc-parts.c index dbbb2d4..ddc68e1 100644 --- a/packages/pc-parts.c +++ b/packages/pc-parts.c @@ -235,12 +235,15 @@ pcparts_open( pcparts_info_t *di ) } /* Second entry is link to next partition */ - if (!is_pc_extended_part(p[1].type)) { + partition = (struct pc_partition *) (buf + 0x1ce); + memcpy(p, partition, sizeof(struct pc_partition)); + + if (!is_pc_extended_part(p->type)) { DPRINTF("no link\n"); break; } - cur_table = ext_start + __le32_to_cpu(p[1].start_sect); + cur_table = ext_start + __le32_to_cpu(p->start_sect); cur_part++; } |
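Review bot: after the new `memcpy(p, partition, sizeof(struct pc_partition))` the aligned buffer `p` no longer holds the logical partition entry but the link entry, and nothing in the hunk says so; a short comment on that line (or a second aligned buffer for the link) would stop a later reader from taking `p->start_sect` below as the partition start. The literal `buf + 0x1ce` is 16 bytes past the first table entry; writing it as the first entry's offset plus `sizeof(struct pc_partition)` would tie the two reads together and drop the magic number. The fix itself is right: `p` comes from a single `malloc(sizeof(struct pc_partition))`, so the removed `p[1].type` and `p[1].start_sect` read 16 bytes past the heap object and took the link type and start sector from adjacent heap memory rather than from the on-disk table; gcc 12's array-bounds error was reporting a real out-of-bounds read, not a false positive.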