2009-07-24 Felix Zielcke * partmap/pc.c (pc_partition_map_iterate): Don't loop forever in case the partition table is corrupted. Also ignore partitions with a starting sector of 0. diff --git a/partmap/pc.c b/partmap/pc.c index 6f68ecf..ab58b3d 100644 --- a/partmap/pc.c +++ b/partmap/pc.c @@ -97,6 +97,7 @@ pc_partition_map_iterate (grub_disk_t disk, struct grub_pc_partition_mbr mbr; struct grub_pc_partition_disk_label label; struct grub_disk raw; + int loop; /* Enforce raw disk access. */ raw = *disk; @@ -108,11 +109,13 @@ pc_partition_map_iterate (grub_disk_t disk, p.data = &pcdata; p.partmap = &grub_pc_partition_map; - while (1) + loop = 0; + while (loop < 100000) { int i; struct grub_pc_partition_entry *e; + loop++; /* Read the MBR. */ if (grub_disk_read (&raw, p.offset, 0, sizeof (mbr), &mbr)) goto finish; @@ -143,7 +146,7 @@ pc_partition_map_iterate (grub_disk_t disk, return grub_error (GRUB_ERR_BAD_PART_TABLE, "dummy mbr"); /* If this partition is a normal one, call the hook. */ - if (! grub_pc_partition_is_empty (e->type) + if (e->start != 0 && ! grub_pc_partition_is_empty (e->type) && ! grub_pc_partition_is_extended (e->type)) { pcdata.dos_part++; @@ -206,7 +209,7 @@ pc_partition_map_iterate (grub_disk_t disk, { e = mbr.entries + i; - if (grub_pc_partition_is_extended (e->type)) + if (e->start != 0 && grub_pc_partition_is_extended (e->type)) { p.offset = pcdata.ext_offset + grub_le_to_cpu32 (e->start); if (! pcdata.ext_offset) @@ -221,6 +224,8 @@ pc_partition_map_iterate (grub_disk_t disk, break; } + if (loop == 100000) + return grub_error (GRUB_ERR_BAD_PART_TABLE, "Corrupted partition table found."); finish: return grub_errno; }