Problem 1: In the function test_header, the array buf is read through pointers
to grub_uint32_t and grub_uint16_t without ensuring that those pointers are
correctly aligned.  This does not work on ARM.  Fixed by:

2005-10-15  Timothy Baldwin <[EMAIL PROTECTED]>

        * io/gzio.c (test_header): Align buf.

diff -purN -x '*.mk' -x '*~' -x autom4te.cache -x configure -x '.#*' -x 
'*.orig' -x CVS grub2-submitted/io/gzio.c grub2-split/io/gzio.c
--- grub2-submitted/io/gzio.c   2005-08-22 18:28:59.000000000 +0100
+++ grub2-split/io/gzio.c       2005-10-14 22:49:55.000000000 +0100
@@ -165,7 +165,7 @@ typedef unsigned long ulg;
 static int
 test_header (grub_file_t file)
 {
-  unsigned char buf[10];
+  unsigned char buf[10] __attribute__((aligned));
   grub_gzio_t gzio = file->data;
 
   if (grub_file_tell (gzio->file) != 0)
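Review bot: `__attribute__((aligned))` with no argument on the new line 18 requests the target's largest useful alignment, which stops the ARM misaligned access but leaves the underlying problem in place: `buf` is still read through `grub_uint32_t *` / `grub_uint16_t *` casts, which is a strict-aliasing violation and presumably also assumes the host byte order matches the little-endian gzip header. The smallest attribute that covers the stated need is `__attribute__ ((aligned (4)))`; the more portable fix is to assemble the 16- and 32-bit header fields from the individual bytes with shifts (or the project's little-endian accessors) and drop the casts, after which no alignment attribute is needed. The casts themselves are outside the hunk, so this is inferred from the problem description above, and test_header's body continues past the hunk.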



Problem 2: Reading gzip files all at once results in corruption of the data.
It can be exposed by this patch:

diff -purN -x '*.mk' -x '*~' -x autom4te.cache -x configure -x '.#*' -x 
'*.orig' -x CVS grub2-submitted/commands/cmp.c grub2-split/commands/cmp.c
--- grub2-submitted/commands/cmp.c      2005-08-26 09:04:11.000000000 +0100
+++ grub2-split/commands/cmp.c  2005-10-15 00:44:12.000000000 +0100
@@ -26,7 +26,7 @@
 #include <grub/mm.h>
 #include <grub/gzio.h>
 
-#define BUFFER_SIZE 512
+#define BUFFER_SIZE 1024*1024*4
 
 static grub_err_t
 grub_cmd_cmp (struct grub_arg_list *state __attribute__ ((unused)),
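Review bot: The new macro body on line 37, `1024*1024*4`, is unparenthesized, so a use such as `x % BUFFER_SIZE` expands to `x % 1024*1024*4` and mis-associates; write `#define BUFFER_SIZE (1024*1024*4)`. The text above presents this hunk as a reproducer rather than a fix, and the attached Valgrind trace places the invalid reads in grub_gzio_read (gzio.c:1200), one and two bytes before a 4096-byte block allocated in grub_disk_read, so the defect to fix is in io/gzio.c's read path, not in cmp.c. If the buffers grub_cmd_cmp sizes with BUFFER_SIZE are stack arrays (their declarations are outside the hunk), 4 MiB each is unlikely to fit on GRUB's stack and the reproducer should heap-allocate them instead. grub_cmd_cmp's body begins after the hunk ends.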


Test file at:
http://www.majoroak.f2s.com/tim/grub/downloads/grub2-20051007.tar.gz

Valgrind output attached.

-- 
Member AFFS, WYLUG, SWP (UK), UAF, RESPECT, StWC
No to software patents!    Victory to the iraqi resistance!
==5120== Memcheck, a memory error detector.
==5120== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==5120== Using LibVEX rev 1367, a library for dynamic binary translation.
==5120== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==5120== Using valgrind-3.0.1, a dynamic binary instrumentation framework.
==5120== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==5120== For more details, rerun with: -v
==5120== 
--5120-- DWARF2 CFI reader: unhandled CFI instruction 0:50
--5120-- DWARF2 CFI reader: unhandled CFI instruction 0:50
==5120== Conditional jump or move depends on uninitialised value(s)
==5120==    at 0x1B8EC7D3: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E631C: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8F2BDD: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E7675: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E47C6: (within /lib/ld-2.3.5.so)
==5120== 
==5120== Conditional jump or move depends on uninitialised value(s)
==5120==    at 0x1B8ECB13: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E631C: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8F2BDD: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E7675: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E47C6: (within /lib/ld-2.3.5.so)
==5120== 
==5120== Conditional jump or move depends on uninitialised value(s)
==5120==    at 0x1B8EC6B6: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E6376: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8F2BDD: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E7675: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E47C6: (within /lib/ld-2.3.5.so)
==5120== 
==5120== Conditional jump or move depends on uninitialised value(s)
==5120==    at 0x1B8EC6C2: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E6376: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8F2BDD: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E7675: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E47C6: (within /lib/ld-2.3.5.so)
==5120== 
==5120== Conditional jump or move depends on uninitialised value(s)
==5120==    at 0x1B8EC7D3: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E6376: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8F2BDD: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E7675: (within /lib/ld-2.3.5.so)
==5120==    by 0x1B8E47C6: (within /lib/ld-2.3.5.so)
==5120== Warning: noted but unhandled ioctl 0x1261 with no size/direction hints
==5120==    This could cause spurious value errors to appear.
==5120==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a 
proper wrapper.
==5120== Warning: noted but unhandled ioctl 0x1261 with no size/direction hints
==5120==    This could cause spurious value errors to appear.
==5120==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a 
proper wrapper.
==5120== Warning: noted but unhandled ioctl 0x1261 with no size/direction hints
==5120==    This could cause spurious value errors to appear.
==5120==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a 
proper wrapper.
==5120== 
==5120== Invalid read of size 1
==5120==    at 0x80567DA: memcpy (misc.c:42)
==5120==    by 0x80534FC: grub_gzio_read (gzio.c:1200)
==5120==    by 0x8055FBC: grub_file_read (file.c:125)
==5120==    by 0x80498BE: grub_cmd_cmp (cmp.c:69)
==5120==    by 0x805A939: grub_command_execute (command.c:249)
==5120==    by 0x805A3C3: grub_cmdline_run (cmdline.c:163)
==5120==    by 0x805C92D: grub_menu_run (menu.c:327)
==5120==    by 0x805BD1E: grub_normal_execute (main.c:485)
==5120==    by 0x805BF1D: grub_enter_normal_mode (main.c:302)
==5120==    by 0x805BF8D: grub_rescue_cmd_normal (main.c:512)
==5120==    by 0x8058A27: grub_enter_rescue_mode (rescue.c:591)
==5120==    by 0x805FB14: main (grub-emu.c:226)
==5120==  Address 0x1BAEAB8F is 1 bytes before a block of size 4096 alloc'd
==5120==    at 0x1B8FF8A6: malloc (vg_replace_malloc.c:149)
==5120==    by 0x805FC4E: xmalloc (misc.c:71)
==5120==    by 0x805484D: grub_disk_read (disk.c:160)
==5120==    by 0x804BB27: grub_fat_read_data (fat.c:421)
==5120==    by 0x8055FBC: grub_file_read (file.c:125)
==5120==    by 0x80498A6: grub_cmd_cmp (cmp.c:68)
==5120==    by 0x805A939: grub_command_execute (command.c:249)
==5120==    by 0x805A3C3: grub_cmdline_run (cmdline.c:163)
==5120==    by 0x805C92D: grub_menu_run (menu.c:327)
==5120==    by 0x805BD1E: grub_normal_execute (main.c:485)
==5120==    by 0x805BF1D: grub_enter_normal_mode (main.c:302)
==5120==    by 0x805BF8D: grub_rescue_cmd_normal (main.c:512)
==5120== 
==5120== Invalid read of size 1
==5120==    at 0x80567D0: memcpy (misc.c:43)
==5120==    by 0x80534FC: grub_gzio_read (gzio.c:1200)
==5120==    by 0x8055FBC: grub_file_read (file.c:125)
==5120==    by 0x80498BE: grub_cmd_cmp (cmp.c:69)
==5120==    by 0x805A939: grub_command_execute (command.c:249)
==5120==    by 0x805A3C3: grub_cmdline_run (cmdline.c:163)
==5120==    by 0x805C92D: grub_menu_run (menu.c:327)
==5120==    by 0x805BD1E: grub_normal_execute (main.c:485)
==5120==    by 0x805BF1D: grub_enter_normal_mode (main.c:302)
==5120==    by 0x805BF8D: grub_rescue_cmd_normal (main.c:512)
==5120==    by 0x8058A27: grub_enter_rescue_mode (rescue.c:591)
==5120==    by 0x805FB14: main (grub-emu.c:226)
==5120==  Address 0x1BAEAB8E is 2 bytes before a block of size 4096 alloc'd
==5120==    at 0x1B8FF8A6: malloc (vg_replace_malloc.c:149)
==5120==    by 0x805FC4E: xmalloc (misc.c:71)
==5120==    by 0x805484D: grub_disk_read (disk.c:160)
==5120==    by 0x804BB27: grub_fat_read_data (fat.c:421)
==5120==    by 0x8055FBC: grub_file_read (file.c:125)
==5120==    by 0x80498A6: grub_cmd_cmp (cmp.c:68)
==5120==    by 0x805A939: grub_command_execute (command.c:249)
==5120==    by 0x805A3C3: grub_cmdline_run (cmdline.c:163)
==5120==    by 0x805C92D: grub_menu_run (menu.c:327)
==5120==    by 0x805BD1E: grub_normal_execute (main.c:485)
==5120==    by 0x805BF1D: grub_enter_normal_mode (main.c:302)
==5120==    by 0x805BF8D: grub_rescue_cmd_normal (main.c:512)
==5120== 
==5120== More than 30000 total errors detected.  I'm not reporting any more.
==5120== Final error counts will be inaccurate.  Go fix your program!
==5120== Rerun with --error-limit=no to disable this cutoff.  Note
==5120== that errors may occur in your program without prior warning from
==5120== Valgrind, because errors are no longer being displayed.
==5120== 
==5120== 
==5120== ERROR SUMMARY: 30000 errors from 7 contexts (suppressed: 0 from 0)
==5120== malloc/free: in use at exit: 2874558 bytes in 1196 blocks.
==5120== malloc/free: 7013 allocs, 5817 frees, 33235044 bytes allocated.
==5120== For counts of detected errors, rerun with: -v
==5120== searching for pointers to 1196 not-freed blocks.
==5120== checked 2965380 bytes.
==5120== 
==5120== LEAK SUMMARY:
==5120==    definitely lost: 60619 bytes in 85 blocks.
==5120==      possibly lost: 1664 bytes in 1 blocks.
==5120==    still reachable: 2812275 bytes in 1110 blocks.
==5120==         suppressed: 0 bytes in 0 blocks.
==5120== Use --leak-check=full to see details of leaked memory.

