URL: <http://savannah.gnu.org/bugs/?46164>
Summary: UFS sparse file memset Project: GNU GRUB Submitted by: bluhm Submitted on: Fri 09 Oct 2015 11:17:18 AM GMT Category: Filesystem Severity: Major Priority: 5 - Normal Item Group: Software Error Status: None Privacy: Public Assigned to: None Originator Name: Originator Email: Open/Closed: Open Discussion Lock: Any Release: Release: Git master Reproducibility: Every Time Planned Release: None _______________________________________________________ Details: When creating a sparse file, that is a file with 0 not written to disk, on an OpenBSD FFS file system, GRUB does not read it correctly. The UFS code in GRUB is responsible for reading FFS file systems, it can handle sparse files, but has a bug there. The second and third parameters for memset() are exchanged. It is defined as void *grub_memset (void *s, int c, grub_size_t len) but called as grub_memset (buf, UFS_BLKSZ (sblock) - skipfirst, 0) Also the length of the buffer is not checked, so the last block could cause an overflow. The blockend variable seems to contain the correct length already. I have found the bug and tested the fix with OpenBSD and GRUB 2. The git master has the same code. Alexander Bluhm --- a/contrib/grub2/grub-core/fs/ufs.c +++ b/contrib/grub2/grub-core/fs/ufs.c @@ -394,7 +394,7 @@ grub_ufs_read_file (struct grub_ufs_data *data, return -1; } else - grub_memset (buf, UFS_BLKSZ (sblock) - skipfirst, 0); + grub_memset (buf, 0, blockend); buf += UFS_BLKSZ (sblock) - skipfirst; } _______________________________________________________ File Attachments: ------------------------------------------------------- Date: Fri 09 Oct 2015 11:17:18 AM GMT Name: grub.diff Size: 324B By: bluhm Patch ufs.c <http://savannah.gnu.org/bugs/download.php?file_id=35122> _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?46164> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ _______________________________________________ Bug-grub mailing list Bug-grub@gnu.org https://lists.gnu.org/mailman/listinfo/bug-grub