Re: calculation overflow in grub_mm_init_region (patch)
From: Vladimir 'φ-coder/phcoder' Serbinenko
Subject: Re: calculation overflow in grub_mm_init_region (patch)
Date: Wed, 11 Sep 2013 03:00:46 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130821 Icedove/17.0.8

> for (*r = grub_mm_base; *r; *r = (*r)->next)
> - if ((grub_addr_t) ptr > (grub_addr_t) ((*r) + 1)
> - && (grub_addr_t) ptr <= (grub_addr_t) ((*r) + 1) + (*r)->size)
> - break;
> + {
> + grub_addr_t region_start = (grub_addr_t) ((*r) + 1);
> + grub_addr_t region_end = (grub_addr_t) ((*r) + 1) + (*r)->size;
> +
> + if (block_start > region_start)
> + if ((block_start <= region_end) || (region_end == 0))
> + break;
> + }
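Review bot: the (region_end == 0) test in the inner if relies on the sum for region_end wrapping to exactly 0, and nothing in the hunk says why 0 is special. Comparing offsets instead, i.e. block_start - region_start <= (*r)->size once block_start > region_start has been established, never computes the end address and needs no special case. If the current form stays, region_end could be written as region_start + (*r)->size rather than repeating the cast expression, the two nested ifs could be joined with &&, and a one-line comment should state that region_end == 0 means the region ends at the top of the address space.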
This fix looks correct, but as indicated by us not having discovered this
bug earlier, this is a very unusual case and it's difficult to ensure
that a similar bug doesn't pop up in another place or that we don't suffer
a regression. I'd prefer to exclude the top 4K of addressable memory from
the heap as a safety measure. Are you OK with this approach?
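The wraparound discussed in this message and the two ways of avoiding it (a wrap-free comparison, and keeping the top 4K out of the heap), as an added example that is not part of the original message and is not GRUB code. It models a 32-bit address space with uint32_t; addr_t, GUARD and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a 32-bit address space, so the wrap is the same on any host. */
typedef uint32_t addr_t;
#define GUARD 0x1000u                 /* top 4K kept out of the heap */

/* Containment test in the style of the removed lines: start + size wraps
   to 0 when the region ends exactly at the top of the address space. */
static int in_region_naive(addr_t p, addr_t start, addr_t size)
{
  addr_t end = (addr_t) (start + size);   /* may wrap */
  return p > start && p <= end;
}

/* Wrap-free variant: compare the offset into the region with its size. */
static int in_region_offset(addr_t p, addr_t start, addr_t size)
{
  return p > start && (addr_t) (p - start) <= size;
}

/* Hypothetical helper: shrink a region so it ends below the guard page.
   Returns the usable size, or 0 if the region lies wholly inside it. */
static addr_t clamp_below_guard(addr_t start, addr_t size)
{
  addr_t limit = (addr_t) (0u - GUARD);   /* 0xFFFFF000 */
  if (start >= limit)
    return 0;
  return size > limit - start ? limit - start : size;
}

int main(void)
{
  addr_t start = 0xFFFF0000u, size = 0x10000u, p = 0xFFFF8000u;  /* constructed */
  addr_t safe = clamp_below_guard(start, size);
  printf("naive=%d offset=%d\n", in_region_naive(p, start, size),
         in_region_offset(p, start, size));
  printf("clamped size=0x%x naive=%d\n", (unsigned) safe,
         in_region_naive(p, start, safe));
  return 0;
}
```

Once the region is clamped, even the naive end-address comparison gives the right answer, because no region can end at the top of the address space any more.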