[bug #33422] acorn.c: buffer access out of bounds

David Volgyes Sun, 29 May 2011 01:10:51 -0700

URL:
  <http://savannah.gnu.org/bugs/?33422>


                 Summary: acorn.c: buffer access out of bounds
                 Project: GNU GRUB
            Submitted by: dvolgyes
            Submitted on: Sun 29 May 2011 08:19:21 AM GMT
                Category: Disk &amp; Partition
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: Bazaar - trunk
         Reproducibility: Every Time
         Planned Release: None

    _______________________________________________________

Details:

In tar.gz of 1.99rc2 version:
At grub-core/partmap/acorn.c:74
a for-loop tries to access 0x1ff elements in an array
(boot.misc) which has only 0x1c0.
(See grub_acorn_boot_block at the beginning of the same file.)

(Found with cppcheck 1.47.)

I do not know what is the expected behavior of this code-fragments but I am
quite sure that this is a serious bug.





    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?33422>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/


_______________________________________________
Bug-grub mailing list
Bug-grub@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-grub

[bug #33422] acorn.c: buffer access out of bounds

Reply via email to