>    for (*r = grub_mm_base; *r; *r = (*r)->next)
> -    if ((grub_addr_t) ptr > (grub_addr_t) ((*r) + 1)
> -       && (grub_addr_t) ptr <= (grub_addr_t) ((*r) + 1) + (*r)->size)
> -      break;
> +    {
> +      grub_addr_t region_start = (grub_addr_t) ((*r) + 1);
> +      grub_addr_t region_end = (grub_addr_t) ((*r) + 1) + (*r)->size;
> +
> +      if (block_start > region_start)
> +       if ((block_start <= region_end) || (region_end == 0))
> +         break;
> +    }
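Review bot: the `(region_end == 0)` branch in `if ((block_start <= region_end) || (region_end == 0))` needs a comment saying that it covers the case where `(*r) + 1 + (*r)->size` wraps to zero for a region ending at the very top of the address space; without one it reads like a stray check and is likely to be "simplified" away later. The two nested `if`s without braces can also be one condition, `if (block_start > region_start && (block_start <= region_end || region_end == 0))`, or the end address can be avoided altogether by comparing the offset, `block_start - region_start <= (*r)->size`, which cannot wrap once `block_start > region_start` is known. Finally, `block_start` replaces the old `ptr` but is not declared in this hunk, so please confirm the rename is applied where the variable is defined.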
This fix looks correct but as indicated by us not having discovered this
bug earlier, this is a very unusual case and it's difficult to ensure
that a similar bug doesn't pop up in another place or that we don't suffer
a regression. I'd prefer to exclude the top 4K of addressable memory from
the heap as a safety measure. Are you ok with this approach?
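The failure mode under discussion, as an added example that is not code from the quoted patch or from GRUB: a region whose usable range ends exactly at the top of the address space makes `start + size` wrap to zero, so a containment test that forms the end address first never finds blocks in that region. The model below uses 32-bit addresses so the wraparound reproduces on any host. It places the pre-patch end-pointer test, the patched test with its `region_end == 0` special case, and a wrap-safe offset comparison side by side over a constructed region table, and adds the top-4K exclusion the reply proposes as a size clamp. `struct region`, `sample_heap`, the three `contains_*` functions, `find_region`, `clamp_region_size` and `TOP_EXCLUSION` are all hypothetical names introduced here and do not match GRUB's own definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical region header: 'start' plays the role of (*r) + 1 in the
   quoted hunk (first usable byte) and 'size' the role of (*r)->size.
   Addresses are 32-bit so that wraparound is reproducible everywhere. */
typedef uint32_t addr32_t;
struct region {
    addr32_t start;
    addr32_t size;
};

/* Pre-patch test: forms the end address first. When start + size wraps to
   0, no ptr satisfies ptr <= end, so the last region is never matched. */
bool contains_end_pointer(const struct region *r, addr32_t ptr)
{
    addr32_t end = r->start + r->size;          /* may wrap to 0 */
    return ptr > r->start && ptr <= end;
}

/* Patched test from the hunk: end == 0 is accepted as "reaches the top". */
bool contains_patched(const struct region *r, addr32_t ptr)
{
    addr32_t end = r->start + r->size;
    if (ptr > r->start)
        if (ptr <= end || end == 0)
            return true;
    return false;
}

/* Wrap-safe test: compare the offset into the region instead of forming an
   end address. With ptr > start the subtraction cannot wrap, and the result
   equals the patched test for every region that fits the address space. */
bool contains_offset(const struct region *r, addr32_t ptr)
{
    return ptr > r->start && (ptr - r->start) <= r->size;
}

typedef bool (*contains_fn)(const struct region *, addr32_t);

/* Mirror of the region walk in the hunk: index of the region that holds
   ptr according to 'contains', or -1 when no region matches. */
int find_region(const struct region *regions, size_t n, addr32_t ptr,
                contains_fn contains)
{
    for (size_t i = 0; i < n; i++)
        if (contains(&regions[i], ptr))
            return (int) i;
    return -1;
}

/* Mitigation proposed in the reply: keep every region below the last 4 KiB
   of the address space so that start + size is always representable. */
#define TOP_EXCLUSION 0x1000u
addr32_t clamp_region_size(addr32_t start, addr32_t size)
{
    addr32_t limit = (addr32_t) 0 - TOP_EXCLUSION;   /* 0xFFFFF000 */
    if (start >= limit)
        return 0;                                   /* entirely excluded */
    if (size > limit - start)
        return limit - start;                       /* trimmed to the limit */
    return size;
}

/* Constructed sample heap: one ordinary region and one whose usable range
   ends exactly at the top of the 32-bit address space (start + size == 0). */
static const struct region sample_heap[] = {
    { 0x00100000u, 0x00010000u },
    { 0xFFFFF000u, 0x00001000u },
};
#define SAMPLE_HEAP_LEN (sizeof sample_heap / sizeof sample_heap[0])

int main(void)
{
    addr32_t in_top = 0xFFFFF800u;   /* block inside the wrapping region */
    printf("end-pointer test: region %d\n",
           find_region(sample_heap, SAMPLE_HEAP_LEN, in_top, contains_end_pointer));
    printf("patched test:     region %d\n",
           find_region(sample_heap, SAMPLE_HEAP_LEN, in_top, contains_patched));
    printf("offset test:      region %d\n",
           find_region(sample_heap, SAMPLE_HEAP_LEN, in_top, contains_offset));
    printf("clamped size of [0xFFFF0000 + 0x10000): 0x%x\n",
           clamp_region_size(0xFFFF0000u, 0x10000u));
    return 0;
}
```

The offset form is the one to prefer in new code: it needs no special case, and it rejects any region whose `start + size` would overflow without silently matching blocks beyond it. The clamp shows the cost of the proposed exclusion: a region reaching the top loses at most 4 KiB, after which all three tests agree.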



_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
