Fix incorrect address reference in btrfs

We encountered a weird random kernel initrd unpacking error on btrfs
and finally found it was caused by an incorrect address reference in the
range check for type GRUB_BTRFS_EXTENT_REGULAR, and the entire result is
unpredictable.

This is a quick fix to make the address reference to the
grub_btrfs_extent_data structure correctly, not the pointer variable
to it.

Any suggestions to this patch are welcome.
Michael Chang 2014-08-14 18:17:45 +08:00 committed by Colin Watson
parent 2a5a532c00
commit 54bd9a0610
2 changed files with 7 additions and 1 deletions

@ -1,3 +1,9 @@
2014-09-08 Michael Chang <mchang@suse.com>
* grub-core/fs/btrfs.c (grub_btrfs_extent_read): Fix extent size
check; comparing &data->extent against addresses in the region it
points to is unpredictable.
2014-09-07 Colin Watson <cjwatson@ubuntu.com> 2014-09-07 Colin Watson <cjwatson@ubuntu.com>
Support grub-emu on x32 (ILP32 but with x86-64 instruction set) Support grub-emu on x32 (ILP32 but with x86-64 instruction set)
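
Review bot: the new entry for grub_btrfs_extent_read says the old comparison "is unpredictable" but does not say what the corrected check is meant to establish. Judging from the btrfs.c change, the intent is that `elemsize` bytes starting at the buffer `data->extent` points to must cover the `filled` field before that field is read. Stating that in the entry, and that the old code took the address of the pointer member rather than of the buffer, would make the log readable without opening the diff.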

@ -1051,7 +1051,7 @@ grub_btrfs_extent_read (struct grub_btrfs_data *data,
data->extend = data->extstart + grub_le_to_cpu64 (data->extent->size); data->extend = data->extstart + grub_le_to_cpu64 (data->extent->size);
if (data->extent->type == GRUB_BTRFS_EXTENT_REGULAR if (data->extent->type == GRUB_BTRFS_EXTENT_REGULAR
&& (char *) &data->extent + elemsize && (char *) data->extent + elemsize
>= (char *) &data->extent->filled + sizeof (data->extent->filled)) >= (char *) &data->extent->filled + sizeof (data->extent->filled))
data->extend = data->extend =
data->extstart + grub_le_to_cpu64 (data->extent->filled); data->extstart + grub_le_to_cpu64 (data->extent->filled);
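
Review bot: the length test on the changed line, `(char *) data->extent + elemsize >= (char *) &data->extent->filled + sizeof (data->extent->filled)`, would be safer written as a comparison of `elemsize` against an offset rather than as pointer arithmetic. Both sides are now based on the same buffer, so the condition reduces to `elemsize` being at least the offset of `filled` in the grub_btrfs_extent_data structure plus `sizeof (data->extent->filled)`; expressing it with `offsetof` removes the casts and leaves no place for a stray `&` like the one fixed here. Separately, `data->extent->size` and `data->extent->type` are read in the context lines above this test with no length check visible in the hunk. If `elemsize` is not validated earlier in the function, those reads need the same guard.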