Jon, may I ask you to take a look at this patch? Does not it conflict with your XFS patch [1].
Daniel [1] https://lists.gnu.org/archive/html/grub-devel/2023-09/msg00110.html On Thu, Sep 28, 2023 at 10:33:44PM +0000, Lidong Chen wrote: > After parsing of the current entry, the entry pointer is advanced > to the next entry at the end of the 'for' loop. In case where the > last entry is at the end of the data boundary, the advanced entry > pointer can point off the data boundary. The subsequent boundary > check for the advanced entry pointer can cause a failure. > > The fix is to include the boundary check into the 'for' loop > condition. > > Signed-off-by: Lidong Chen <lidong.c...@oracle.com> > --- > grub-core/fs/xfs.c | 7 ++----- > 1 file changed, 2 insertions(+), 5 deletions(-) > > diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c > index b91cd32b4..ebf962793 100644 > --- a/grub-core/fs/xfs.c > +++ b/grub-core/fs/xfs.c > @@ -810,7 +810,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, > if (iterate_dir_call_hook (parent, "..", &ctx)) > return 1; > > - for (i = 0; i < head->count; i++) > + for (i = 0; i < head->count && > + (grub_uint8_t *) de < ((grub_uint8_t *) dir + grub_xfs_fshelp_size > (dir->data)); i++) > { > grub_uint64_t ino; > grub_uint8_t *inopos = grub_xfs_inline_de_inopos(dir->data, de); > @@ -845,10 +846,6 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir, > de->name[de->len] = c; > > de = grub_xfs_inline_next_de(dir->data, head, de); > - > - if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + > grub_xfs_fshelp_size (dir->data)) > - return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory > entry"); > - > } > break; > } _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
