* grub-core/lib/relocator.c (malloc_in_range): Fix a memory corruption

when handling leftovers.
2011-06-27 12:18:44 +02:00 · 2011-06-27 12:18:44 +02:00 · bdea379833
commit bdea379833
parent b28c56559b
2 changed files with 12 additions and 6 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
 2011-06-27  Vladimir Serbinenko  <phcoder@gmail.com>
 	* grub-core/lib/relocator.c (malloc_in_range): Fix a memory corruption
 	when handling leftovers.
 2011-06-27  Vladimir Serbinenko  <phcoder@gmail.com>
 	* util/ieee1275/grub-ofpathname.c (main): Handle --help and --version
--- a/grub-core/lib/relocator.c
+++ b/grub-core/lib/relocator.c
@ -764,6 +764,9 @@ malloc_in_range (struct grub_relocator *rel,
    int inreg = 0, regbeg = 0, ncol = 0;
 #if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
    int fwin = 0, fwb = 0, fwlefto = 0;
 #endif
 #if GRUB_RELOCATOR_HAVE_LEFTOVERS
    int last_lo = 0;
 #endif
    int last_start = 0;
    for (j = 0; j < N; j++)
@ -855,7 +858,7 @@ malloc_in_range (struct grub_relocator *rel,
 		      unsigned offend = alloc_end
 			% GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
 		      struct grub_relocator_fw_leftover *lo
-			= events[last_start].leftover;
+			= events[last_lo].leftover;
 		      lo->freebytes[offstart / 8]
 			&= ((1 << (8 - (start % 8))) - 1);
 		      grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
@ -910,6 +913,7 @@ malloc_in_range (struct grub_relocator *rel,
 #if GRUB_RELOCATOR_HAVE_LEFTOVERS
 	  case REG_LEFTOVER_START:
 	    fwlefto++;
 	    last_lo = j;
 	    break;
 	  case REG_LEFTOVER_END:
@ -1009,7 +1013,8 @@ malloc_in_range (struct grub_relocator *rel,
 			curschu->extra = ne;
 		      }
 		  }
-#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+
 #if GRUB_RELOCATOR_HAVE_LEFTOVERS
 		if (!oom && typepre == CHUNK_TYPE_FIRMWARE)
 		  {
 		    grub_addr_t fstart, fend;
@ -1021,7 +1026,6 @@ malloc_in_range (struct grub_relocator *rel,
 		      = ALIGN_UP (alloc_end,
 				  GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT);
 #if GRUB_RELOCATOR_HAVE_LEFTOVERS
 		    {
 		      struct grub_relocator_fw_leftover *lo1 = NULL;
 		      struct grub_relocator_fw_leftover *lo2 = NULL;
@ -1081,10 +1085,8 @@ malloc_in_range (struct grub_relocator *rel,
 		      curschu->pre = lo1;
 		      curschu->post = lo2;
 		    }
 #endif
 		  }
 #if GRUB_RELOCATOR_HAVE_LEFTOVERS
 		if (typepre == CHUNK_TYPE_LEFTOVER)
 		  {
 		    curschu->pre = events[last_start].leftover;
@ -1092,7 +1094,6 @@ malloc_in_range (struct grub_relocator *rel,
 		  }
 #endif
 #endif
 		if (!oom)
 		  cural++;
 		else