[OpenBIOS] [PATCH] bootinfo_load.c: stop parsing CHRP boot script when NULL is reached

Mark Cave-Ayland mark.cave-ayland at ilande.co.uk
Sun Jun 21 00:07:01 CEST 2015

The Mac OS 9 CHRP boot script consists of a null-terminated Forth string
followed by a large binary payload. Make sure we correctly determine the size
of the bootscript at this point instead of trying to allocate memory for the
entire binary blob which fails due to insufficient memory.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland at ilande.co.uk>
 openbios-devel/libopenbios/bootinfo_load.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/openbios-devel/libopenbios/bootinfo_load.c b/openbios-devel/libopenbios/bootinfo_load.c
index fa9e36b..c70203e 100644
--- a/openbios-devel/libopenbios/bootinfo_load.c
+++ b/openbios-devel/libopenbios/bootinfo_load.c
@@ -161,6 +161,12 @@ bootinfo_init_program(void)
 	size = POP();
+	/* Some bootinfo scripts contain a binary payload after the
+	   NULL-terminated Forth string such as OS 9. Restrict our
+	   size to just the Forth section, otherwise we end up trying
+	   to allocate memory for the entire binary which will fail. */
+	size = MIN(strlen(base), size);
 	bootscript = malloc(size);
 	if (bootscript == NULL) {
 		DPRINTF("Can't malloc %d bytes\n", size);
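Review bot: the added `size = MIN(strlen(base), size);` bounds the result but not the scan. `strlen(base)` runs until it finds a zero byte regardless of `size`, so a boot script with no terminator inside the first `size` bytes makes it read past the loaded region before `MIN` is applied. A length-bounded search over at most `size` bytes (for example `memchr(base, 0, size)`, or `strnlen` if the tree provides one) yields the same value for the OS 9 case without that over-read. Two smaller points: `strlen` returns the length without the terminator, so it is worth confirming that the code after `malloc(size)` does not rely on the copied script including its terminating zero byte. And `size` is printed with `%d` in the `DPRINTF` below, so `MIN` is comparing a `size_t` against what looks like a signed value; an explicit cast would make the intended comparison clear.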
