On Sat, Nov 19, 2022 at 01:57:59PM +0100, Thomas Schmitt wrote:
> Hi,
>
> i wrote:
> > I think the loop end condition should use 4 rather than 1:
> >   (char *) entry < (char *) sua + sua_size - 4 && entry->len > 0
>
> Urm ... better "3 rather than 1":
>
>   (char *) entry < (char *) sua + sua_size - 3 && entry->len > 0
>
> The memory fault by entry->len will appear if
>   entry >= sua + sua_size - 2
>
>
> (Only good i did not submit a patch attempt.
> Why is that "- 1" present anyways ? Shall it ensure the presence of
> entry->type ?)

I am not an ISO format expert but your thinking LGTM. So, could you send a patch fixing this issue?

Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
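
The loop bound discussed in this thread, modelled as an added example (not GRUB code and not written by either poster): it walks a system use area with the quoted condition and reports when evaluating entry->len would fall outside the area. The 4-byte entry header layout, the name walk_sua, the slack parameter and both sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed SUSP entry header: two signature bytes, length, version. */
struct susp_entry {
    uint8_t sig[2];
    uint8_t len;      /* total entry length, header included */
    uint8_t version;
};

/* Constructed sample: one 4-byte entry followed by 2 stray bytes. */
static const uint8_t sua_trailing[6] = { 'X', 'X', 4, 1, 0xAA, 0xBB };
/* Constructed sample: entries of 4 and 5 bytes filling the area exactly. */
static const uint8_t sua_exact[9] = { 'X', 'X', 4, 1, 'Y', 'Y', 5, 1, 0 };

/*
 * Model the loop condition
 *   (char *) entry < (char *) sua + sua_size - slack && entry->len > 0
 * with offsets instead of pointers. Returns the number of entries visited,
 * or -1 if evaluating entry->len would read past sua_size. The bound is
 * checked before the read, so this model never leaves the buffer.
 */
static int walk_sua(const uint8_t *sua, size_t sua_size, size_t slack)
{
    const size_t len_off = offsetof(struct susp_entry, len);
    size_t off = 0;
    int visited = 0;

    while (sua_size >= slack && off < sua_size - slack) {
        if (off + len_off >= sua_size)
            return -1;                 /* entry->len lies outside the area */
        uint8_t len = sua[off + len_off];
        if (len == 0)
            break;
        visited++;
        off += len;
    }
    return visited;
}

int main(void)
{
    printf("trailing, - 1: %d\n", walk_sua(sua_trailing, sizeof sua_trailing, 1));
    printf("trailing, - 3: %d\n", walk_sua(sua_trailing, sizeof sua_trailing, 3));
    printf("exact,    - 1: %d\n", walk_sua(sua_exact, sizeof sua_exact, 1));
    printf("exact,    - 3: %d\n", walk_sua(sua_exact, sizeof sua_exact, 3));
    return 0;
}
```

With "- 1" the trailing-bytes buffer leaves the loop positioned at sua + sua_size - 2, where entry->len is the first byte past the area; with "- 3" the loop stops before that read.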