On Fri, Oct 06, 2023 at 05:58:21PM -0400, Jon DeVree wrote:
> On Wed, Oct 04, 2023 at 00:43:18 +0000, Lidong Chen wrote:
> > - if (filename + direntry->len - 1 > (char *) tail)
> > + if (filename + direntry->len + 1 > (char *) end)
> > return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
> >
> > There were these lines in the source after the diff:
> >
> > /* The byte after the filename is for the filetype, padding, or
> > tag, which is not used by GRUB. So it can be overwritten. */
> > filename[direntry->len] = '\0';
> >
> > I wonder if “filename + direntry->len + 1 > (char *) end” could
> > result in a failure on the valid filesystem.
> >
>
> According to my reading of the XFS specifications, all valid filesystems
> will have either 2 or 3 bytes in the structure after the filename. Older
> filesystems (ftype=0) will have 2 bytes and newer filesystems (ftype=1)
> will have 3 bytes.

OK but then this change requires description in the commit message or separate patch.

Daniel
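
Review bot: the `+` line changes two things at once, the offset (`- 1` to `+ 1`) and the limit pointer (`tail` to `end`), and neither is explained next to the check. The store quoted from the source, `filename[direntry->len] = '\0'`, writes the byte at `filename + direntry->len`, so `filename + direntry->len + 1 > (char *) end` is the right bound for that write only if `end` points one past the last byte that may be touched; the definition of `end` is not visible in this hunk. A short comment above the condition stating what `end` points to, and that the `+ 1` covers the NUL written after the name, would let a reader verify the check without tracing the surrounding function, and the commit message should record why the bytes following the name are guaranteed to exist on a valid filesystem.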