Hi,

I just spent a few hours trying to analyse this bug, but so far I
haven't found what could cause this.

The message 'Installing grub on ' is generated by this line:

info "Installing grub on '$bootdev'"

Obviously, this "bootdev" variable is what the entire rest of the script
is built to do, so figuring out where the garbage is coming from is
non-trivial.

I found two possibilities. The first is a line that looks like this:

mappedbootdev=$(mapdevfs "$bootdev") || true

mapdevfs is part of debian-installer-utils, and is a fairly short file
which just calls a C function from libdebian-installer. I audited the
code which would seem to be called, but could not find any constructs
that might be suspicious or that could cause a C buffer overflow or
anything similar (which doesn't mean it doesn't exist, just that I
couldn't find one).

The second is the fact that grub-probe is called a few times, which is
also written in C. I didn't audit that code, but did find that when
called with invalid input, grub-probe would just segfault. For instance:

grub-probe '(hd0)'

segfaults with my current version of grub-probe (I filed a separate bug
on that). I didn't investigate its code, but it's not unfathomable that
some invalid input to grub-probe could generate garbage such as in this
bug report. I don't know for sure, however, and ran out of time.

At this point, I'm tempted to add a check to the for loop that starts on
line 650 in the current HEAD (commit 062ddbcb66150) for something along
the lines of:

if [ ! -b "$bootdev" ]; then
        # jump to the next loop iteration here
        continue
fi

which will not only protect against garbage, but also against trying to
install to devices that don't exist on this system.

-- 
Copyshops should do vouchers. So that next time some bureaucracy requires you
to mail a form in triplicate, you can mail it just once, add a voucher, and
save on postage.
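
An added example, not part of the original message or of the installer script: it runs the block-device guard proposed above over constructed values, to show that an unquoted $bootdev lets an empty or whitespace-containing value fall through to the install step while the quoted form skips it. The function names and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the real loop from the installer script is not reproduced here.

# Guard with the variable unquoted: word splitting decides what test(1) sees.
skip_unquoted() {
    # shellcheck disable=SC2086
    if [ ! -b $1 ] 2>/dev/null; then
        return 0    # guard fires, iteration would be skipped
    fi
    return 1        # guard does not fire, install would proceed
}

# Guard with the variable quoted: the value is always exactly one argument.
skip_quoted() {
    if [ ! -b "$1" ]; then
        return 0
    fi
    return 1
}

# verdict <guard-function> <value>: print what the loop would do.
verdict() {
    if "$1" "$2"; then echo skip; else echo INSTALL; fi
}

report() {
    # Constructed candidates: empty, garbage containing a space,
    # a character device, and a path that does not exist.
    for dev in "" "/dev/sda garbage" "/dev/null" "/nonexistent/sdz"; do
        printf "%-20s unquoted=%-8s quoted=%s\n" \
            "'$dev'" "$(verdict skip_unquoted "$dev")" \
            "$(verdict skip_quoted "$dev")"
    done
}

# Empty value:   [ ! -b ]        tests the literal string "-b", so no skip.
# Spaced value:  [ ! -b a b ]    is a test(1) syntax error (status 2), so no skip.
report
```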

