Re: free magic is broken
"Vincent Guffens" <[EMAIL PROTECTED]> writes:

Hi Vincent,

> I have made a small test program that uses the memory management of grub2 to
> manage an allocated buffer and I can reproduce the free magic is broken
> problem with it.

Wow! Nice work! This bug has shown up before but was not easy to reproduce. I am happy you found a way to reproduce the bug and come up with a fix.

Thanks,
Marco

___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
Re: free magic is broken
Yoshinori K. Okuji wrote:
> On Wednesday 22 June 2005 23:13, Vincent Guffens wrote:
> > I have prepared a small web page with some details as it is a little bit
> > long to explain here. See it there if you want more information:
> >
> > http://www.auto.ucl.ac.be/~guffens/grub2_netboot/free_magic_broken.html
>
> Thank you very much for your analysis! I finally understood what's wrong, and
> checked in a fix (a bit different from yours). I guess it was very hard to
> find how to reproduce this bug.
>
> Okuji

Yes, it was good fun (and a long night)!

I managed to post a wrong test version yesterday. In the test program, this is not

  grub_malloc(base->first->size*(16-1));

but

  grub_malloc(base->first->size*16-16);

Although it turns out to be equivalent as far as the bug is concerned, in this particular example.

It is good to have that nasty one behind!

--
Vincent Guffens
PhD Student UCL/CESAME
tel: +32 10 47 80 30

Value your freedom, or you will lose it, teaches history.
"Don't bother us with politics," respond those who don't want to learn.
-- Richard M. Stallman
Re: free magic is broken
On Wednesday 22 June 2005 23:13, Vincent Guffens wrote:
> I have prepared a small web page with some details as it is a little bit
> long to explain here. See it there if you want more information:
>
> http://www.auto.ucl.ac.be/~guffens/grub2_netboot/free_magic_broken.html

Thank you very much for your analysis! I finally understood what's wrong, and checked in a fix (a bit different from yours). I guess it was very hard to find how to reproduce this bug.

Okuji
free magic is broken
Hi,

I have made a small test program that uses the memory management of grub2 to manage an allocated buffer and I can reproduce the free magic is broken problem with it.

I have prepared a small web page with some details as it is a little bit long to explain here. See it there if you want more information:

http://www.auto.ucl.ac.be/~guffens/grub2_netboot/free_magic_broken.html

I propose the following patch to fix this problem. This patch will modify the mm code of grub2 only when the problem would occur in a subsequent call to grub_free:

diff -ru grub2/kern/mm.c grub2_free_magic_broken/kern/mm.c
--- grub2/kern/mm.c	2005-01-20 18:25:39.0 +0100
+++ grub2_free_magic_broken/kern/mm.c	2005-06-22 22:59:58.660577232 +0200
@@ -298,6 +298,10 @@
       p->next->magic = 0;
       p->size += p->next->size;
       p->next = p->next->next;
+      if (q->magic != GRUB_MM_FREE_MAGIC) {
+        r->first = p;
+        return;
+      }
     }

   if (q + q->size == p)

--
Vincent Guffens
UCL/CESAME
+32 10 47 80 30
Euler Building A017
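Review bot: the added check in the `@@ -298,6 +298,10 @@` hunk detects that `q` was the block just merged into `p` only indirectly, by reading `q->magic` after the preceding `p->next->magic = 0;` has cleared it; comparing the pointers before the merge (for example testing whether `p->next` is `q`) would state the intent directly instead of depending on the magic value having been overwritten. A short comment explaining why `r->first = p; return;` is the right action here (the block `q` pointed to no longer exists as a separate free block, so the following `if (q + q->size == p)` backward-merge check must not run on it) would also help anyone reading this hunk on its own.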