From 54bd9a061083b916d3563101d147a01e002486aa Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 14 Aug 2014 18:17:45 +0800 Subject: [PATCH] Fix incorrect address reference in btrfs We encountered a weird random kernel initrd unpacking error on btrfs and finally found it was caused by incorrect address reference in range check for type GRUB_BTRFS_EXTENT_REGULAR and the entire result is unpredictable. This is a quick fix to make the address reference to the grub_btrfs_extent_data structure correctly, not the pointer variable to it. Any suggestions to this patch are welcome. --- ChangeLog | 6 ++++++ grub-core/fs/btrfs.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 572ee50d1..067606578 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2014-09-08 Michael Chang + + * grub-core/fs/btrfs.c (grub_btrfs_extent_read): Fix extent size + check; comparing &data->extent against addresses in the region it + points to is unpredictable. + 2014-09-07 Colin Watson Support grub-emu on x32 (ILP32 but with x86-64 instruction set) diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c index f7b6c1520..95a8fa6b3 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -1051,7 +1051,7 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data, data->extend = data->extstart + grub_le_to_cpu64 (data->extent->size); if (data->extent->type == GRUB_BTRFS_EXTENT_REGULAR - && (char *) &data->extent + elemsize + && (char *) data->extent + elemsize >= (char *) &data->extent->filled + sizeof (data->extent->filled)) data->extend = data->extstart + grub_le_to_cpu64 (data->extent->filled);
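Review bot: the ChangeLog hunk is dated 2014-09-08 while the patch header reads "Date: Thu, 14 Aug 2014", and the new entry is inserted above Colin Watson's 2014-09-07 entry; please confirm the intended date so the ChangeLog stays in chronological order and matches the commit it describes.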
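Review bot: in the btrfs.c hunk the corrected condition `(char *) data->extent + elemsize >= (char *) &data->extent->filled + sizeof (data->extent->filled)` is right, since the old left operand `&data->extent` was the address of the pointer field inside `struct grub_btrfs_data`, not the extent item it points to, so the two sides of `>=` pointed into unrelated objects and the comparison had no meaningful result (the "unpredictable" behaviour the ChangeLog describes, which let an undersized item slip past the check before `data->extent->filled` was read). Consider expressing the same bounds check without pointer arithmetic, as `elemsize >= offsetof (struct grub_btrfs_extent_data, filled) + sizeof (data->extent->filled)` (or the project's equivalent offset macro), and adding a one-line comment that `filled` is only guaranteed to be present when the extent item is large enough to contain it; that makes the intent of the guard obvious and prevents the pointer-vs-address-of-pointer mix-up from recurring.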