From 328951ac24132cfef37f4c6a5558fe0e388a7f75 Mon Sep 17 00:00:00 2001
From: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>
Date: Sat, 28 Aug 2010 21:27:10 +0200
Subject: [PATCH] Add safety checks in relocator and add a GRUB_MM_CHECK macro

---
 grub-core/lib/relocator.c | 36 +++++++++++++++++++++++++++++++++++-
 include/grub/mm.h         |  3 +++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
index 0acd59b94..90b383301 100644
--- a/grub-core/lib/relocator.c
+++ b/grub-core/lib/relocator.c
@@ -582,8 +582,15 @@ malloc_in_range (struct grub_relocator *rel,
       int pre_added = 0;
       pa = r->first;
       p = pa->next;
+      if (p->magic == GRUB_MM_ALLOC_MAGIC)
+	continue;
       do 
-	{	  
+	{
+	  grub_dprintf ("relocator", "free block %p+0x%x\n",
+			p, p->size);
+	  if (p->magic != GRUB_MM_FREE_MAGIC)
+	    grub_fatal (__FILE__":%d free magic broken at %p (0x%x)\n",
+			__LINE__, p, p->magic);
 	  if (p == (grub_mm_header_t) (r + 1))
 	    {
 	      pre_added = 1;
@@ -1586,3 +1593,30 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr,
   grub_free (sorted);
   return GRUB_ERR_NONE;
 }
+
+void
+grub_mm_check_real (char *file, int line)
+{
+  grub_mm_region_t r;
+  grub_mm_header_t p, pa;
+
+  for (r = grub_mm_base; r; r = r->next)
+    {
+      pa = r->first;
+      p = pa->next;
+      if (p->magic == GRUB_MM_ALLOC_MAGIC)
+	continue;
+      do 
+	{
+	  if ((grub_addr_t) p < (grub_addr_t) (r + 1)
+	      || (grub_addr_t) p >= (grub_addr_t) (r + 1) + r->size)
+	    grub_fatal ("%s:%d: out of range pointer: %p\n", file, line, p);
+	  if (p->magic != GRUB_MM_FREE_MAGIC)
+	    grub_fatal ("%s:%d free magic broken at %p (0x%x)\n", file,
+			line, p, p->magic);
+	  pa = p;
+	  p = pa->next;
+	}
+      while (pa != r->first);
+    }
+}
diff --git a/include/grub/mm.h b/include/grub/mm.h
index 38dd39646..cc115907a 100644
--- a/include/grub/mm.h
+++ b/include/grub/mm.h
@@ -35,6 +35,9 @@ void EXPORT_FUNC(grub_free) (void *ptr);
 void *EXPORT_FUNC(grub_realloc) (void *ptr, grub_size_t size);
 void *EXPORT_FUNC(grub_memalign) (grub_size_t align, grub_size_t size);
 
+void grub_mm_check_real (char *file, int line);
+#define GRUB_MM_CHECK grub_mm_check_real (__FILE__, __LINE__);
+
 /* For debugging.  */
 #if defined(MM_DEBUG) && !defined(GRUB_UTIL) && !defined (GRUB_MACHINE_EMU)
 /* Set this variable to 1 when you want to trace all memory function calls.  */