[syslinux] [PATCH 4/5] installers: fix a possible buffer overflow when looking for LDLINUX_MAGIC

Pete Batard pete at akeo.ie
Mon Mar 7 06:07:19 PST 2016


On 2016.03.07 03:27, Shao Miller via Syslinux wrote:
> - Casting to a uintptr_t is ugly (and not C89, not that Syslinux cares
> about that)

Yeah, I'd have liked to avoid that too, but some compilers will complain 
about pointer arithmetic logic, unless you specifically use uintptr_t.

But, considering your other very valid point, let me see if I can work 
something better here, that could eliminate this cast.

> With the proposed patch's uintptr_t stuff, if the magic isn't found:
>
>               * <------- boot_image_len dictates the final byte
>             * <-------- wp is less than boot_image_len
> 00001111222233XXYYYY <- XX are out-of-bound bytes
>                  * <---- Where wp is when the loop breaks
>                * <------ As far as any kind of pointer should point
>              * <-------- When the loop should break, as 33XX can't
> contain the magic

You're right. This overflow prevention still does not prevent all 
possible overflows, so I need to review my patch.

I'll try to work something better, either today or tomorrow, and submit 
a new patch. Thanks for pointing out the issue.

Regards,

/Pete
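The bound Shao Miller describes above, as an added example that is not Syslinux code or Pete's revised patch: a scan for a 4-byte magic that stops as soon as fewer than four bytes remain, so the last comparison never reaches past the end of the buffer. It works on byte offsets rather than a moving pointer, which removes the need for the uintptr_t cast discussed in the thread. The value 0x3eb202fe is used here as the magic and the buffer contents are constructed for the example; nothing here depends on the layout of a real ldlinux.sys image.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Magic value used by this example (constructed for the demo; the real
 * installer would use the project's LDLINUX_MAGIC constant). */
#define DEMO_MAGIC 0x3eb202feu

/* Decode a 4-byte little-endian value without assuming host endianness
 * or alignment. The caller guarantees that p[0..3] is in bounds. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0]
         | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16)
         | ((uint32_t)p[3] << 24);
}

/* Return the byte offset of the first occurrence of `magic` in img[0..len),
 * or -1 if it is not present.
 *
 * The loop condition is `off + 4 <= len`, so the last candidate offset is
 * len - 4: every read of img[off..off+3] stays inside the buffer, and a
 * truncated copy of the magic in the final one to three bytes is simply
 * never compared. The early return handles len < 4, where `len - 4` would
 * otherwise wrap around as an unsigned value. */
long find_magic(const uint8_t *img, size_t len, uint32_t magic)
{
    size_t off;

    if (img == NULL || len < 4)
        return -1;

    for (off = 0; off <= len - 4; off++) {
        if (le32(img + off) == magic)
            return (long)off;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample "image": magic at offset 8, and a truncated
     * two-byte prefix of the magic right at the end of the buffer. */
    const uint8_t img[] = {
        0x00, 0x00, 0x00, 0x00,
        0x11, 0x11, 0x11, 0x11,
        0xfe, 0x02, 0xb2, 0x3e,   /* 0x3eb202fe, little-endian */
        0x22, 0x22, 0xfe, 0x02    /* partial magic: must not match */
    };
    long off = find_magic(img, sizeof img, DEMO_MAGIC);

    if (off < 0)
        printf("magic not found\n");
    else
        printf("magic found at offset %ld\n", off);

    /* The same buffer with its last two bytes cut off still has exactly
     * one complete copy of the magic, and the scan never reads beyond
     * img + len even though a partial copy sits at the boundary. */
    printf("truncated scan: %ld\n", find_magic(img, sizeof img - 2, DEMO_MAGIC));
    return 0;
}
```

Because `off` is a `size_t` index and the comparison is against `len - 4`, the loop variable itself never takes a value that corresponds to an out-of-range address, which is the property the quoted diagram asks for: the scan stops where "33XX" can no longer hold the magic, rather than three bytes later.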
