When compiled with gcc 12, packages/pc-parts.c generates the following error:
  /root/packages/pc-parts.c:243:64: error: array subscript 1 is outside array bounds of 'struct pc_partition[1]' [-Werror=array-bounds]
    243 |                         cur_table = ext_start + __le32_to_cpu(p[1].start_sect);
        |                                                               ~^~~
  /root/include/libc/byteorder.h:12:13: note: in definition of macro '__bswap32'
     12 |         ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \
        |             ^
  /root/packages/pc-parts.c:243:49: note: in expansion of macro '__le32_to_cpu'
    243 |                         cur_table = ext_start + __le32_to_cpu(p[1].start_sect);
        |                                                 ^~~~~~~~~~~~~
  /root/packages/pc-parts.c:143:13: note: at offset 16 into object of size 16 allocated by 'malloc'
    143 |         p = malloc(sizeof(struct pc_partition));
        |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  cc1: all warnings being treated as errors
  make[1]: *** [rules.mak:191: target/packages/pc-parts.o] Error 1
  make[1]: Leaving directory '/root/obj-ppc'
Upon inspection, this appears to be a genuine bug whereby the attempt to access the second extended partition entry incorrectly accesses the memory beyond the end of the aligned copy of the first extended partition entry.
Copy the second extended partition entry into aligned extended partition buffer and access the values from there to resolve the issue.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
---
 packages/pc-parts.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/packages/pc-parts.c b/packages/pc-parts.c index dbbb2d4..ddc68e1 100644 --- a/packages/pc-parts.c +++ b/packages/pc-parts.c @@ -235,12 +235,15 @@ pcparts_open( pcparts_info_t *di ) }
/* Second entry is link to next partition */ - if (!is_pc_extended_part(p[1].type)) { + partition = (struct pc_partition *) (buf + 0x1ce); + memcpy(p, partition, sizeof(struct pc_partition)); + + if (!is_pc_extended_part(p->type)) { DPRINTF("no link\n"); break; }
- cur_table = ext_start + __le32_to_cpu(p[1].start_sect); + cur_table = ext_start + __le32_to_cpu(p->start_sect); cur_part++; }
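Review bot: the new `memcpy(p, partition, sizeof(struct pc_partition));` overwrites the aligned copy of the first entry held in `p`. That is the right fix for the read itself: `p` is a single malloc'd struct, so the old `p[1].start_sect` read 16 bytes past the allocation (adjacent heap memory) on every EBR walked, and gcc's -Warray-bounds diagnosis is correct rather than a false positive. The hunk only shows the tail of the loop, though, so please confirm that nothing after this point still expects `p` to hold the first entry; if it does, a second aligned struct for the link entry is the safer shape. A one-line comment that `buf + 0x1ce` is the second table slot (the first entry plus the 16-byte entry size) would also make the raw offset self-explaining, since the code now reaches into `buf` by constant offset in two places.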
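The pattern this patch adopts, decoding each 16-byte table entry from the raw sector into aligned, caller-owned storage and never indexing past a single-entry allocation, as an added example that is not OpenBIOS code or part of the patch. The struct layout, the helper names (`mbr_read_table`, `ebr_next_link`, `rd_le32`, `is_extended_type`) and the sample sector are this example's own assumptions; the 0x1be/0x1ce entry offsets, the 0x55AA signature and the 0x05/0x0f extended type ids are the standard MBR layout. It goes slightly beyond the patch by decoding all four entries and checking the signature.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MBR_SECTOR_SIZE   512
#define MBR_TABLE_OFFSET  0x1be            /* entry 0; entry 1 is at 0x1ce */
#define MBR_ENTRY_SIZE    16
#define MBR_ENTRIES       4
#define MBR_SIG_OFFSET    0x1fe

/* Assumed host-side layout of one table entry. It is only ever filled by
 * explicit decoding from the sector, never by pointing it at the (unaligned)
 * sector buffer, so alignment and padding are never an issue. */
struct mbr_entry {
    uint8_t  boot;
    uint8_t  chs_start[3];
    uint8_t  type;
    uint8_t  chs_end[3];
    uint32_t start_sect;   /* already converted from little-endian */
    uint32_t nr_sects;
};

/* Little-endian 32-bit read with no alignment requirement on b. */
static uint32_t rd_le32(const uint8_t *b)
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Assumed stand-in for the page's is_pc_extended_part(): 0x05 (DOS) and
 * 0x0f (W95 LBA) are the standard extended partition type ids. */
static int is_extended_type(uint8_t type)
{
    return type == 0x05 || type == 0x0f;
}

/* Decode all four entries of a 512-byte MBR/EBR sector into aligned storage.
 * Returns 0 on success, -1 if the 0x55AA signature is missing. Every read
 * stays inside the sector. */
int mbr_read_table(const uint8_t *sector, struct mbr_entry dst[MBR_ENTRIES])
{
    if (sector[MBR_SIG_OFFSET] != 0x55 || sector[MBR_SIG_OFFSET + 1] != 0xaa)
        return -1;
    for (size_t i = 0; i < MBR_ENTRIES; i++) {
        const uint8_t *e = sector + MBR_TABLE_OFFSET + i * MBR_ENTRY_SIZE;
        dst[i].boot = e[0];
        memcpy(dst[i].chs_start, e + 1, 3);
        dst[i].type = e[4];
        memcpy(dst[i].chs_end, e + 5, 3);
        dst[i].start_sect = rd_le32(e + 8);
        dst[i].nr_sects   = rd_le32(e + 12);
    }
    return 0;
}

/* The link step from the patch: entry 1 of an EBR, when it is of extended
 * type, gives the next EBR relative to the start of the whole extended
 * partition. Returns 1 and sets *next_table when a link exists, 0 when the
 * chain ends ("no link"), -1 on a sector without a valid signature. */
int ebr_next_link(const uint8_t *sector, uint32_t ext_start, uint32_t *next_table)
{
    struct mbr_entry tab[MBR_ENTRIES];   /* aligned, four real entries */
    if (mbr_read_table(sector, tab) != 0)
        return -1;
    if (!is_extended_type(tab[1].type))
        return 0;
    *next_table = ext_start + tab[1].start_sect;
    return 1;
}

/* Constructed sample EBR (not real disk data): entry 0 is a Linux partition
 * at sector 63 of 1000 sectors, entry 1 is the link (type chosen by the
 * caller) at relative sector 2048 of 4096 sectors. */
const uint8_t *sample_ebr(uint8_t link_type)
{
    static uint8_t sec[MBR_SECTOR_SIZE];
    static const uint8_t le_63[4]   = {63, 0, 0, 0};
    static const uint8_t le_1000[4] = {0xe8, 0x03, 0, 0};
    static const uint8_t le_2048[4] = {0, 0x08, 0, 0};
    static const uint8_t le_4096[4] = {0, 0x10, 0, 0};
    uint8_t *e0 = sec + MBR_TABLE_OFFSET;
    uint8_t *e1 = e0 + MBR_ENTRY_SIZE;

    memset(sec, 0, sizeof sec);
    e0[4] = 0x83;
    memcpy(e0 + 8, le_63, 4);
    memcpy(e0 + 12, le_1000, 4);
    e1[4] = link_type;
    memcpy(e1 + 8, le_2048, 4);
    memcpy(e1 + 12, le_4096, 4);
    sec[MBR_SIG_OFFSET] = 0x55;
    sec[MBR_SIG_OFFSET + 1] = 0xaa;
    return sec;
}
```

Decoding field by field rather than memcpy'ing the whole struct keeps the code independent of how the compiler packs `struct mbr_entry`, and holding all four entries in one aligned array means the second entry is reached as `tab[1]` on a real four-element object, which is exactly what the old `p[1]` on a one-element allocation was not.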