[syslinux] [PATCH] gfxboot: fix buffer overrun when loading kernel/initramfs

Colin Watson cjwatson at ubuntu.com
Wed Jul 14 06:11:56 PDT 2010


If the file size wasn't a multiple of 64KB, we could overwrite the next
entry in the malloc arena so reading the initramfs would fail.

Signed-off-by: Colin Watson <cjwatson at ubuntu.com>
---
 com32/gfxboot/gfxboot.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/com32/gfxboot/gfxboot.c b/com32/gfxboot/gfxboot.c
index dd4d641..0fbfadd 100644
--- a/com32/gfxboot/gfxboot.c
+++ b/com32/gfxboot/gfxboot.c
@@ -21,6 +21,7 @@
 #include <fcntl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <minmax.h>
 
 #include <syslinux/loadfile.h>
 #include <syslinux/config.h>
@@ -749,7 +750,7 @@ void *load_one(char *file, ssize_t *file_size)
   if(size) {
     buf = malloc(size);
     for(i = 1, cur = 0 ; cur < size && i > 0; cur += i) {
-      i = save_read(fd, buf + cur, CHUNK_SIZE);
+      i = save_read(fd, buf + cur, min(CHUNK_SIZE, size - cur));
       if(i == -1) break;
       gfx_progress_update(i);
     }
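Review bot: The bounded read keeps the last chunk inside buf, but a short file still exits the loop silently: when save_read() returns 0 before cur reaches size, the loop ends with cur < size and nothing in the hunk records it, so the caller can receive a partially filled buffer with the full reported size. A check after the loop, e.g. `if(cur != size) { free(buf); buf = NULL; }`, or reporting the actual count through *file_size, would make the short read visible; load_one's body continues past the hunk, so this may already be handled there. The `malloc(size)` just above the loop is also unchecked, and a NULL result would be handed to save_read() on the first iteration, so a `if(!buf) ...` bail-out before the loop is worth adding in the same place. Whether CHUNK_SIZE and size - cur have compatible types for min() is not visible here and is worth confirming once.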
-- 
1.7.1



