On Wed, Oct 04, 2023 at 00:43:18 +0000, Lidong Chen wrote:
> - if (filename + direntry->len - 1 > (char *) tail)
> + if (filename + direntry->len + 1 > (char *) end)
> return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
>
> There were these lines in the source after the diff:
>
> /* The byte after the filename is for the filetype, padding, or
> tag, which is not used by GRUB. So it can be overwritten. */
> filename[direntry->len] = '\0';
>
> I wonder if “filename + direntry->len + 1 > (char *) end” could
> result in a failure on a valid filesystem.
>
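Review bot: the hunk changes two things at once, the offset (`- 1` to `+ 1`) and the bound it compares against (`tail` to `end`), and the quoted lines do not show how `end` relates to `tail`. The `+ 1` is the right bound for the later write `filename[direntry->len] = '\0';` only if `end` is one past the last byte GRUB may touch; a short comment on the check, or a sentence in the commit message, stating that `end` is the exclusive end of the block and that the extra byte is reserved for the terminator would let a reviewer verify the bound from the hunk alone. Also worth considering: `filename + direntry->len + 1` forms a pointer that may point past the buffer before the comparison happens, so comparing `direntry->len + 1` against the remaining length as an integer avoids that.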
According to my reading of the XFS specifications, all valid filesystems will have either 2 or 3 bytes in the structure after the filename. Older filesystems (ftype=0) will have 2 bytes and newer filesystems (ftype=1) will have 3 bytes. GRUB already depends on there being at least 1 extra byte, so if this isn't true we have some big problems.

-- 
Jon
Doge Wrangler
X(7): A program for managing terminal windows. See also screen(1) and tmux(1).

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
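The exchange above turns on one invariant: because the parser writes a terminator at `filename[direntry->len]`, the bounds check must guarantee `len + 1` bytes, not `len`. The following is an added example, not GRUB code and not from either poster; it models a directory entry as one length byte followed by the name and whatever trailing bytes the filesystem carries (the 2 or 3 bytes Jon's reply describes), and implements the corrected bound beside the pre-patch one. The names `entry_fits`, `entry_fits_old`, `read_name` and the sample buffers are constructed for this example; `tail` is assumed to mean the last valid byte of the buffer, which the quoted hunk does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not GRUB code. Simplified model of a variable-length
   directory entry: one length byte, then 'len' name bytes, then at least
   one byte (filetype / padding / tag) that the parser may overwrite. */

/* Corrected bound. "filename + len + 1 > end" is written here with sizes
   instead of pointers so that no out-of-range pointer is ever formed. */
int entry_fits(const unsigned char *buf, size_t size, size_t off)
{
    if (off >= size)                 /* no room for the length byte */
        return 0;
    size_t len = buf[off];
    size_t name_off = off + 1;
    /* The terminator is written at index name_off + len, so that index
       must lie inside the buffer: name_off + len + 1 <= size. */
    return name_off + len + 1 <= size;
}

/* Pre-patch bound ("filename + len - 1 > tail"), assuming 'tail' is the
   last valid byte (size - 1). Kept only to show the gap it leaves: it
   accepts an entry whose terminator byte would land one past the buffer. */
int entry_fits_old(const unsigned char *buf, size_t size, size_t off)
{
    if (off >= size)
        return 0;
    size_t len = buf[off];
    size_t name_off = off + 1;       /* >= 1, so name_off + len - 1 cannot underflow */
    size_t tail = size - 1;
    return !(name_off + len - 1 > tail);
}

/* Extract the name in place: validate with the corrected bound, then
   overwrite the byte after the name with '\0' exactly as the quoted GRUB
   snippet does. Returns NULL when the entry does not fit. */
char *read_name(unsigned char *buf, size_t size, size_t off)
{
    if (!entry_fits(buf, size, off))
        return NULL;
    size_t len = buf[off];
    char *filename = (char *) buf + off + 1;
    filename[len] = '\0';            /* safe: entry_fits guaranteed this byte exists */
    return filename;
}

/* Constructed sample: "boot" followed by the 2 trailing bytes an
   ftype=0 layout carries after the name. */
static unsigned char sample_ok[] = { 4, 'b', 'o', 'o', 't', 0x00, 0x00 };
/* Constructed sample: "boot" with no byte after the name at all. */
static unsigned char sample_short[] = { 4, 'b', 'o', 'o', 't' };

int main(void)
{
    char *n = read_name(sample_ok, sizeof sample_ok, 0);
    printf("entry with trailing bytes: %s\n", n ? n : "(rejected)");
    printf("entry with no trailing byte, corrected check: %d\n",
           entry_fits(sample_short, sizeof sample_short, 0));
    printf("entry with no trailing byte, old check:       %d\n",
           entry_fits_old(sample_short, sizeof sample_short, 0));
    return 0;
}
```

Running it shows the two checks disagree only on the entry that ends exactly at the buffer boundary: the old bound admits it, and `read_name` would then write the terminator one byte past the end, while the corrected bound rejects it. Any entry carrying the 2 or 3 trailing bytes a valid filesystem has passes both, which is the point Jon's reply makes.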