[OpenBIOS] [PATCH 1/2] fix an out-of-memory error on boot script load

Mark Cave-Ayland mark.cave-ayland at ilande.co.uk
Thu Apr 16 20:13:00 CEST 2015


On 09/04/15 02:35, Cormac O'Brien wrote:

> From: Cormac O'Brien <cormac at c-obrien.org>
> 
> This patch fixes an issue with boot script buffer allocation that causes
> trouble with Mac OS 9. The file containing the boot script also has a fair
> amount of machine code, so this patch causes the loader to only allocate
> enough for the boot script.
> 
> ---
>  libopenbios/bootinfo_load.c | 17 ++++++++---------
>  1 file changed, 8 insertions(+), 9 deletions(-)
> 
> diff --git a/libopenbios/bootinfo_load.c b/libopenbios/bootinfo_load.c
> index fa9e36b..fcb23ea 100644
> --- a/libopenbios/bootinfo_load.c
> +++ b/libopenbios/bootinfo_load.c
> @@ -134,12 +134,12 @@ bootinfo_init_program(void)
>  	char *base;
>  	int proplen;
>  	phandle_t chosen;
> -	int tag, taglen, script, scriptlen, scriptvalid, entity, chrp;
> +	int tag, taglen, script, scriptend, scriptlen, scriptvalid, entity, chrp;
>  	char tagbuf[128], c;
>  	char *device, *filename, *directory, *partition;
>  	int current, size;
>  	char *bootscript;
> -        char *tmp;
> +	char *tmp;
>  	char bootpath[1024];
>  
>  	/* Parse the boot script */
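Review bot: the `char *tmp;` re-indentation at the bottom of this hunk is an unrelated whitespace-only change folded into a functional fix; split it out into its own cleanup patch, or at least mention it in the commit message, so the allocation change stays easy to review and bisect. It would also help to say in the commit message what the new `scriptend` variable is for, since it is declared here but only used two hunks later.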
> @@ -161,15 +161,8 @@ bootinfo_init_program(void)
>  	feval("load-size");
>  	size = POP();
>  
> -	bootscript = malloc(size);
> -	if (bootscript == NULL) {
> -		DPRINTF("Can't malloc %d bytes\n", size);
> -		return;
> -	}
> -
>  	if (!is_bootinfo(base)) {
>  		DPRINTF("Not a valid bootinfo memory image\n");
> -                free(bootscript);
>  		return;
>  	}
>  
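Review bot: with `bootscript = malloc(size)` and its NULL check removed here, `bootscript` is no longer assigned before the tag loop, so an image that never contains a `boot-script` tag leaves the pointer uninitialised for the rest of the function; initialise it at the declaration (`char *bootscript = NULL;`) so that any later free or use is well defined, and make sure the NULL check that disappears here is reinstated wherever the replacement `malloc` lands.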
> @@ -197,7 +190,13 @@ bootinfo_init_program(void)
>  			} else if (chrp == 1) {
>  				if (strncasecmp(tagbuf, "boot-script", 11) == 0) {
>  					script = 1;
> +
> +					scriptend = current;
> +					while (base[++scriptend + 1] != '<');
> +					scriptlen = scriptend - current;
> +					bootscript = malloc(scriptlen);
>  					scriptlen = 0;
> +
>  				} else if (strncasecmp(tagbuf, "/boot-script", 12) == 0) {
>  
>  					script = 0;
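Review bot: `while (base[++scriptend + 1] != '<');` has no upper bound, so a truncated file, or one where the boot-script tag is the last `<` in the loaded data, reads past `base + size`; bound the scan with something like `scriptend + 1 < size` and return early if no closing `<` is found. Two smaller points in the same block: `bootscript = malloc(scriptlen);` has no NULL check (the check removed in the previous hunk was not carried over), and `scriptlen = 0;` on the very next line overwrites the computed size, so the allocation length is lost and the copy loop cannot compare against it; keep the allocated size in a separate variable (e.g. `scriptalloc`) and reuse `scriptlen` only as the write index.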
> 

While this is a great hack to fix up the memory allocation, I'm not
convinced of its robustness, e.g. what happens if you have an entity in
the XML?

I'd be more inclined to do an additional loop beforehand which
terminates either if it reaches size or the EOT character, and then use
that to work out the correct memory size to allocate before the main
while() loop.


ATB,

Mark.
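Mark's suggestion above, a bounded pre-scan that sizes the allocation before the main loop, as an added example that is not part of the patch or of OpenBIOS: it assumes the terminator he calls the EOT character is ASCII EOT (0x04), matches literal `<boot-script>`/`</boot-script>` tags instead of running the real tag parser, and uses constructed sample images.

```c
#include <stdlib.h>
#include <string.h>

/* Assumption: "the EOT character" is ASCII EOT (0x04); OpenBIOS may differ. */
#define EOT_CHAR 0x04

/* Constructed sample images, not real OpenBIOS bootinfo files. */
const char sample_ok[] = "<chrp-boot><boot-script>boot hd:,\\yaboot</boot-script></chrp-boot>";
const char sample_truncated[] = "<chrp-boot><boot-script>boot hd:,\\yaboot";
const char sample_eot[] = "<boot-script>abc\x04</boot-script>";

/* Bounded search for needle in base[from, size): stops at size or at EOT.
 * Returns the match offset, or -1 if the buffer ended first. */
static long find_bounded(const char *base, size_t size, size_t from,
                         const char *needle)
{
    size_t n = strlen(needle), i;
    for (i = from; i + n <= size; i++) {
        if (base[i] == EOT_CHAR)
            return -1;
        if (memcmp(base + i, needle, n) == 0)
            return (long)i;
    }
    return -1;
}

/* Sizes the allocation before any parse loop: returns a NUL-terminated heap
 * copy of the script body, or NULL if a tag is missing/truncated or malloc fails. */
char *extract_bootscript(const char *base, size_t size)
{
    const char open_tag[] = "<boot-script>", close_tag[] = "</boot-script>";
    long open_at = find_bounded(base, size, 0, open_tag), close_at;
    size_t start, scriptlen;
    char *script;

    if (open_at < 0)
        return NULL;
    start = (size_t)open_at + sizeof(open_tag) - 1;
    close_at = find_bounded(base, size, start, close_tag);
    if (close_at < 0)
        return NULL;
    scriptlen = (size_t)close_at - start;
    script = malloc(scriptlen + 1);   /* keep the NULL check the patch dropped */
    if (script == NULL)
        return NULL;
    memcpy(script, base + start, scriptlen);
    script[scriptlen] = '\0';
    return script;
}
```

Because the scan never indexes past `size`, a file with machine code after the script, or one cut off mid-tag, yields a bounded length or NULL instead of a read past the loaded image.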
