On Mon, Jul 28, 2008 at 6:12 PM, Felix Zielcke <[EMAIL PROTECTED]> wrote:
> GRUB 2 has a problem with many kernel entrys in grub.cfg
> This works fine for me with grub-emu but not real GRUB
>
> I reproduced this now in qemu 0.9.1-5 from debian unstable
> Attached is the floppy image i used and the kernel entrys i added to the
> insmod lines generated by grub-mkrescue
>
> Welcome to GRUB!
>
> free magic is broken at 0x7f17a00: 0x3d616776
>
> I tried to find out how big grub.cfg exactly must be for it to fail, but
> I couldn't
> I deleted the entrys in little chunks and then after GRUB loaded the
> menu fine I added again some, but it keep displaying the menu fine with
> the new entrys added.
> So something in GRUB's memory management seems to be a bit broken with a
> big grub.cfg
>
> But I still wonder why you need that much kernels and now with testing
> in qemu I noticed that the reporter has the exact same menuentrys more
> then once in grub.cfg
Hi,
I have found the bug, it's caused by buffer overflown. In get_line
(normal/main.c), if the string length is multiple of 64, the ending \0
will overflow the buffer, this patch fix the problem:
diff --git a/normal/main.c b/normal/main.c
index e5458fc..70f2f1d 100644
--- a/normal/main.c
+++ b/normal/main.c
@@ -97,9 +97,6 @@ get_line (grub_file_t file)
}
else
{
- if (c == '\n')
- break;
-
if (pos >= max_len)
{
char *old_cmdline = cmdline;
@@ -112,6 +109,9 @@ get_line (grub_file_t file)
}
}
+ if (c == '\n')
+ break;
+
cmdline[pos++] = c;
}
}
--
Bean
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
