[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] setkey fails and causes GRUB to crash.

From: Daniel Pittman
Subject: [PATCH] setkey fails and causes GRUB to crash.
Date: 09 Oct 2000 23:34:17 +1100
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.2 (Notus)

It seems that no one must have tried to use the 'setkey' command in GRUB
before today. I finally got around to starting to put together my dvorak
keymap for it[1], I found a nasty bug.

The issues is the table that GRUB uses internally to store the key
names, combined with the nature of the grub_strcmp call.

Anyway, the backtrack for a setkey command is:

,----[ grub setkey backtrace ]
| grub> setkey a o
| Program received signal SIGSEGV, Segmentation fault.
| 0x804b57a in grub_strcmp (s1=0x40178c4f "a", s2=0x0) at char_io.c:1008
| 1008          if (*s1 < *s2)
| (gdb) where
| #0  0x804b57a in grub_strcmp (s1=0x40178c4f "a", s2=0x0) at char_io.c:1008
| #1  0x80556d0 in find_ascii_code (key=0x40178c4f "a") at builtins.c:3202
| #2  0x805573c in setkey_func (arg=0x40178c4f "a", flags=1) at builtins.c:3215
| #3  0x80566c1 in enter_cmdline (heap=0x40178c48 "setkey a", forever=1)
|     at cmdline.c:168
| #4  0x80527ca in cmain () at stage2.c:907
| #5  0x804a606 in init_bios_info () at common.c:282
| #6  0x80495da in doit () at asmstub.c:120
| #7  0x80497d2 in grub_stage2 () at asmstub.c:176
| #8  0x8049596 in main (argc=1, argv=0xbffff914) at main.c:238
| #9  0x40078b8c in __libc_start_main () from /lib/libc.so.6
| (gdb) quit

The issue is that the 'keysym_table' structure uses a NULL (0) value in
the table to store a 'none' item. The code in the 'setkey' function does
not take this into account and blindly passes the NULL pointer into

The strcmp routine then dereferences through the NULL pointer with,
well, predictable effects. I have not verified that this bug occurs with
the boot-time GRUB, just the Unix based grub shell.

Code inspection says that the issue would be present at that time also.
The attached patch is a fairly trivial change to the effected routine to
make it test for a NULL pointer before doing the strcmp.

I don't know if this is the right fix but it certainly removes the issue


[1]  Would there be interest in having this contributed back to GRUB
     when I have it - or the script to turn a Linux keymap into a GRUB

Attachment: txtljAlZGmS2W.txt
Description: Text Data

Organization and method mean much, but contagious human characters mean more
in a university, where a few undisciplinables ... may be infinitely more
precious than a faculty full of orderly routinists.
        -- William James

reply via email to

[Prev in Thread] Current Thread [Next in Thread]