The integer overflow triggered for simple masks in the "badram" command, such as "badram 0x0000000012340000,0xfffffffffffffff8". This resulted in an infinite loop, locking up the machine.
Signed-off-by: Wanda Phinode <[email protected]> --- It seems this one has been known for a while: see eg. https://unix.stackexchange.com/questions/746164/grub-hangs-itself-with-64bit-memtest86-badram-pattern grub-core/mmap/mmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c index 7c7d3911c..d348f3e0d 100644 --- a/grub-core/mmap/mmap.c +++ b/grub-core/mmap/mmap.c @@ -409,7 +409,7 @@ badram_iter (grub_uint64_t addr, grub_uint64_t size, */ while (high - low > 1) { - cur = (low + high) / 2; + cur = low + (high - low) / 2; if (fill_mask (entry, cur) >= addr) high = cur; else -- 2.52.0
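Review bot: The new midpoint `cur = low + (high - low) / 2;` in badram_iter cannot wrap only because the loop guard `while (high - low > 1)` keeps high above low. A one-line comment above the assignment, saying that the sum form `(low + high) / 2` can wrap for large bounds, would stop a later cleanup from reverting it. The commit message names an integer overflow but not the expression that overflows, and stating that it is the `low + high` sum in the bisection would make the fix easier to audit. The Stack Exchange reference also sits below the `---` separator, so it will not be recorded when the patch is applied. Moving it above the separator keeps the pointer to the earlier report in the history.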
