Author: mcayland Date: Sun Jun 21 20:52:35 2015 New Revision: 1341 URL: http://tracker.coreboot.org/trac/openbios/changeset/1341 Log: bootinfo_load.c: stop parsing CHRP boot script when NULL is reached The Mac OS 9 CHRP boot script consists of a null-terminated Forth string followed by a large binary payload. Make sure we correctly determine the size of the bootscript at this point instead of trying to allocate memory for the entire binary blob which fails due to insufficient memory. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Modified: trunk/openbios-devel/libopenbios/bootinfo_load.c Modified: trunk/openbios-devel/libopenbios/bootinfo_load.c ============================================================================== --- trunk/openbios-devel/libopenbios/bootinfo_load.c Wed May 13 01:11:05 2015 (r1340) +++ trunk/openbios-devel/libopenbios/bootinfo_load.c Sun Jun 21 20:52:35 2015 (r1341) @@ -161,6 +161,12 @@ feval("load-size"); size = POP(); + /* Some bootinfo scripts contain a binary payload after the + NULL-terminated Forth string such as OS 9. Restrict our + size to just the Forth section, otherwise we end up trying + to allocate memory for the entire binary which might fail. */ + size = strnlen(base, size); + bootscript = malloc(size); if (bootscript == NULL) { DPRINTF("Can't malloc %d bytes\n", size);
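Review bot: after "size = strnlen(base, size);" the value no longer counts the terminating NUL, and it is 0 when the first byte at base is NUL, so the malloc(size) just below can be asked for zero bytes. malloc(0) is allowed to return NULL, which would take the "Can't malloc %d bytes" path for a script that is merely empty rather than for a real allocation failure; suggest handling size == 0 explicitly before the allocation. Since the buffer now has no room for a terminator, also confirm that the code following this hunk (not visible here) only ever touches bootscript[0..size-1] and never treats the buffer as a C string; if it does, allocate size + 1. Minor: the comment should say NUL-terminated rather than NULL-terminated, and "such as OS 9" reads better placed directly after "Some bootinfo scripts".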