[syslinux] [PATCH 4/5] installers: fix a possible buffer overflow when looking for LDLINUX_MAGIC
Pete Batard
pete at akeo.ie
Mon Mar 7 06:07:19 PST 2016
On 2016.03.07 03:27, Shao Miller via Syslinux wrote:
> - Casting to a uintptr_t is ugly (and not C89, not that Syslinux cares
> about that)
Yeah, I'd have liked to avoid that too, but some compilers will complain
about pointer arithmetic logic, unless you specifically use uintptr_t.
But, considering your other very valid point, let me see if I can work
something better here, that could eliminate this cast.
> With the proposed patch's uintptr_t stuff, if the magic isn't found:
>
> * <------- boot_image_len dictates the final byte
> * <-------- wp is less than boot_image_len
> 00001111222233XXYYYY <- XX are out-of-bound bytes
> * <---- Where wp is when the loop breaks
> * <------ As far as any kind of pointer should point
> * <-------- When the loop should break, as 33XX can't
> contain the magic
You're right. This overflow prevention still does not prevent all
possible overflows, so I need to review my patch.
I'll try to work something better, either today or tomorrow, and submit
a new patch. Thanks for pointing out the issue.
Regards,
/Pete
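
The bound discussed in this message, shown as an added example that is not part of the original e-mail or of the Syslinux patch: a word-by-word scan that uses an offset instead of a uintptr_t cast and stops as soon as fewer than four in-bounds bytes remain. The names find_magic, load_le32, EXAMPLE_MAGIC and sample are hypothetical, the magic value and sample bytes are constructed, and a 4-byte stride with little-endian words is assumed.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed placeholder value, not the real LDLINUX_MAGIC. */
#define EXAMPLE_MAGIC 0x11223344u

/* Decode one little-endian 32-bit word without casting the byte pointer. */
static uint32_t load_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Scan buf word by word for magic. Returns the byte offset of the
 * matching word, or -1 if no complete word inside [0, len) matches.
 */
long find_magic(const unsigned char *buf, size_t len, uint32_t magic)
{
    size_t off;

    if (buf == NULL || len < 4)
        return -1;               /* no room for even one word */

    /* off <= len - 4 cannot wrap because len >= 4 was checked above. */
    for (off = 0; off <= len - 4; off += 4) {
        if (load_le32(buf + off) == magic)
            return (long)off;
    }
    return -1;                   /* trailing 1-3 bytes are never read */
}

/* Constructed sample: 14 valid bytes (0000 1111 2222 33), then bytes
 * standing in for the XX/YYYY region of the diagram, which hold the magic. */
static const unsigned char sample[20] = {
    0x00,0x00,0x00,0x00, 0x01,0x01,0x01,0x01, 0x02,0x02,0x02,0x02,
    0x03,0x03, 0x44,0x33, 0x44,0x33,0x22,0x11
};

int main(void)
{
    /* With len = 14 the scan stops after the 2222 word. */
    return find_magic(sample, 14, EXAMPLE_MAGIC) == -1 ? 0 : 1;
}
```

With a length of 14 the last word examined is at offset 8, so the partial 33XX word and everything after it are never read.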