[syslinux] [PATCH v3] core/diskboot.inc: fix handover area's sanity checks

Michal Soltys soltys at ziu.info
Tue Feb 22 15:18:00 PST 2011


As the code operates with paragraph granularity, make sure that
false positives are not possible, though some false negatives
might happen with an insanely placed handover area.

Bump the low address check to 50h:0, to also avoid the BIOS data area,
and remove the si == 0 check.

Signed-off-by: Michal Soltys <soltys at ziu.info>
---
 core/diskboot.inc |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/core/diskboot.inc b/core/diskboot.inc
index 1be6ade..fabe4a4 100644
--- a/core/diskboot.inc
+++ b/core/diskboot.inc
@@ -178,16 +178,18 @@ floppy:
 ; trust that rather than what the superblock contains.
 ;
 ; Note: di points to beyond the end of PartInfo
+; Note: false negatives might slip through the handover area's sanity checks,
+;       if the region is very close (less than a paragraph) to
+;       PartInfo ; no false positives are possible though
 ;
 harddisk:
 		mov dx,[di-76-10]	; Original DS
 		mov si,[di-76-12]	; Original SI
 		shr si,4
-		jz .no_partition	; SI == 0 -> assume no partition
 		add dx,si
-		cmp dx,1024 >> 4	; DS:SI < 1K (inside the IVT)?
-		jb .no_partition
-		cmp dx,PartInfo >> 4	; DS:SI in overwritten memory?
+		cmp dx,4fh		; DS:SI < 50h:0 (BDA or IVT) ?
+		jbe .no_partition
+		cmp dx,(PartInfo-75)>>4	; DS:SI in overwritten memory?
 		jae .no_partition
 		test byte [di-76],7Fh	; Sanity check: "active flag" should
 		jnz .no_partition	; be 00 or 80
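Review bot: The `add dx,si` just above the new compares can carry out of the 16-bit register, so a handover pointer whose segment is close to 0FFFFh (an address in the HMA, or garbage) aliases to a small paragraph number and can pass both the `jbe` and the `jae` checks; a `jc .no_partition` placed directly after the `add` would reject that case, and CF is not used anywhere else in this sequence. The new upper bound `(PartInfo-75)>>4` also reads as a magic number: the 75 presumably is one less than the 76-byte area the surrounding `[di-76]` offsets refer to, so a comment such as `; 75 = size of the copied entry - 1: a region ending just below PartInfo is still valid` (or an `equ` for the length) would make the intent checkable without rederiving it. The `harddisk:` code continues past the end of the hunk.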
-- 
1.7.2.1



