[syslinux] Stack overflow: it's not a bug, it's a feature

Celelibi celelibi at gmail.com
Sat Oct 10 19:21:21 PDT 2015


Hello there,

When cleaning up the linker scripts I happened to find a bug that was
just triggered a lot more easily without the useless sections taking
up some memory space.

In short, every time you run a COM32 kernel (in the CLI or via a menu)
the stack is never restored and the function calls just stack up until
you reach other data, which may make anything crash.

Here is the backtrace down to the "execute" function:
#0  execute (cmdline=cmdline at entry=0x7fd4590 "hello.c32", type=7,
sysappend=sysappend at entry=false) at
/home/celelibi/code/syslinux/com32/elflink/ldlinux/execute.c:50
#1  0x07fafe38 in load_kernel (command_line=<optimized out>) at
/home/celelibi/code/syslinux/com32/elflink/ldlinux/ldlinux.c:179
#2  0x07fb0002 in ldlinux_auto_boot () at
/home/celelibi/code/syslinux/com32/elflink/ldlinux/ldlinux.c:249
#3  0x07fb0080 in enter_cmdline () at
/home/celelibi/code/syslinux/com32/elflink/ldlinux/ldlinux.c:273
#4  0x07fb016c in ldlinux_enter_command () at
/home/celelibi/code/syslinux/com32/elflink/ldlinux/ldlinux.c:281

The execute() function gets ultimately called from
ldlinux_enter_command(). And execute(), when it runs a COM32 module,
always calls ldlinux_enter_command() afterwards, thus stacking up
calls.

There is a comment just above that call:

		/*
		 * The old COM32 module code would run the module then
		 * drop the user back at the command prompt,
		 * irrespective of how the COM32 module was loaded,
		 * e.g. from vesamenu.c32.
		 */

I always found this behavior surprising, and now I see it may lead to
some bugs. Currently the console is reset before and after running the
COM32 module and all the modules (except the core module and
ldlinux.c32) are unloaded.

I think the behavior that would make the most sense would be to not unload
any module and just return where the code came from, and fix the
modules that assume that calling execute() won't reset the console.
But maybe there's a reason the current behavior tries to mimic the
behavior of the "old COM32 module".

What do you think about this? Should we keep the current behavior that
always returns to the command line? (Thus making the fix for the stack
overflow a bit more complex.) Or just return to whatever menu we were in
and make the menu reinitialize the console?


Celelibi

