Hello folks,

GRUB Legacy has two builtin commands "vbeprobe" and "testvbe" which are intended to test VESA VBE BIOS graphics modes (e.g. for manually testing the correct Linux VESA framebuffer mode before setting the vga= Linux kernel command line value).

However, on many recent graphics cards which are VESA 3.0 compliant these commands do not work. The reason is a wrong definition of the vbe_mode structure in stage2/shared.h. The VBE mode info structure should be 256 bytes long, but here it is actually only 255 bytes long, the array "unsigned char reserved3[189]" should be actually declared as "unsigned char reserved3[190]" (frankly, the same mistake is also present in the official VESA VBE 3.0 specification document).

As the vbe_mode structure is allocated on stack in vbeprobe_func() and testvbe_func() (stage2/builtins.c), if the VESA BIOS actually stores all 256 bytes in the 0x4f01 call (Get Mode Info), the last byte overruns the structure and ends in a different variable on the stack (mode_number in case of vbeprobe_func()), thus rendering both routines non-functional.


Please see a trivial patch attached to this email which solves the issue. Thanks for committing it to the mainline of GRUB Legacy -- I understand that GRUB Legacy is no longer in development, but this is a stack overrun type of bug which should be fixed. I have not checked whether GRUB 2 contains the same mistake, but somebody might have a look at it.


Best regards

Martin Decky
--
    ------------------------------------------------------------------
    Mgr. Martin Decky
     Department of Distributed and Dependable Systems,
     Faculty of Mathematics and Physics,
     Charles University in Prague,
     Czech Republic

    de...@d3s.mff.cuni.cz                              mar...@decky.cz
    http://d3s.mff.cuni.cz/~decky/                 http://www.decky.cz
    ------------------------------------------------------------------
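The off-by-one described above, as an added example that is not part of the mail or of GRUB's sources: the two declarations side by side with the compile-time layout guards that would have caught the short structure. The `fields_before` array is a hypothetical placeholder for the fields the mail does not list; its 61-byte size follows from the VBE 3.0 ModeInfoBlock offsets (MaxPixelClock at offset 62).

```c
/* Layout check for the VBE 3.0 mode info block (256 bytes) as filled by
 * the 0x4f01 "Get Mode Info" call.  Field names other than the three
 * quoted in the patch are hypothetical placeholders. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VBE_MODE_INFO_SIZE 256u   /* bytes a VBE 3.0 BIOS may write */

/* As the mail describes the unpatched stage2/shared.h: one byte short. */
struct vbe_mode_short {
    uint8_t  fields_before[61];            /* placeholder: mode_attributes .. linear_reserved_mask_size */
    uint8_t  linear_reserved_field_position;
    uint32_t max_pixel_clock;              /* offset 62, "unsigned long" on i386 */
    uint8_t  reserved3[189];               /* ends at offset 255: too short */
} __attribute__((packed));

/* After the patch: reserved3[190] pads the block to exactly 256 bytes. */
struct vbe_mode_fixed {
    uint8_t  fields_before[61];
    uint8_t  linear_reserved_field_position;
    uint32_t max_pixel_clock;
    uint8_t  reserved3[190];
} __attribute__((packed));

/* Guards of the kind that turn this class of bug into a build failure. */
_Static_assert(offsetof(struct vbe_mode_fixed, max_pixel_clock) == 62,
               "max_pixel_clock must sit at VBE 3.0 offset 62");
_Static_assert(sizeof(struct vbe_mode_fixed) == VBE_MODE_INFO_SIZE,
               "VBE mode info block must be exactly 256 bytes");

size_t vbe_mode_short_size(void) { return sizeof(struct vbe_mode_short); }
size_t vbe_mode_fixed_size(void) { return sizeof(struct vbe_mode_fixed); }

/* Bytes a BIOS write of `written` bytes spills past a buffer of `buf_size`;
 * on the stack that spill lands in the neighbouring variable. */
size_t vbe_overrun_bytes(size_t buf_size, size_t written)
{
    return written > buf_size ? written - buf_size : 0;
}

int main(void)
{
    printf("short: %zu bytes, overrun %zu\n", vbe_mode_short_size(),
           vbe_overrun_bytes(vbe_mode_short_size(), VBE_MODE_INFO_SIZE));
    printf("fixed: %zu bytes, overrun %zu\n", vbe_mode_fixed_size(),
           vbe_overrun_bytes(vbe_mode_fixed_size(), VBE_MODE_INFO_SIZE));
    return 0;
}
```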
diff -Naur grub-0.97.orig/stage2/shared.h grub-0.97/stage2/shared.h
--- grub-0.97.orig/stage2/shared.h	2010-11-20 14:09:12.000000000 +0100
+++ grub-0.97/stage2/shared.h	2010-11-20 14:09:54.264798566 +0100
@@ -515,7 +515,7 @@
   unsigned char linear_reserved_field_position;
   unsigned long max_pixel_clock;
 
-  unsigned char reserved3[189];
+  unsigned char reserved3[190];
 } __attribute__ ((packed));
 
 
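Review bot: the one-byte change to `reserved3` is correct (the mail states the block must be 256 bytes and the original declaration yields 255), but nothing in the patch stops the layout from silently regressing; consider adding a compile-time size check next to the struct, e.g. a `sizeof (struct vbe_mode) == 256` assertion, so a future edit to any field in this packed structure fails the build instead of reintroducing the stack overrun in vbeprobe_func() and testvbe_func().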
_______________________________________________
Bug-grub mailing list
Bug-grub@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-grub