* grub-core/lib/relocator.c (malloc_in_range): Fix a memory corruption

	when handling leftovers.

diff --git a/ChangeLog b/ChangeLog
index 37446af70cffbc0a6bcef34dcc6b9d7088e60342..e35b7c7ff558a3ba99c3ac3ff3789f9d13464cc6 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2011-06-27  Vladimir Serbinenko  <phcoder@gmail.com>
+
+       * grub-core/lib/relocator.c (malloc_in_range): Fix a memory corruption
+       when handling leftovers.
+
 2011-06-27  Vladimir Serbinenko  <phcoder@gmail.com>
 
        * util/ieee1275/grub-ofpathname.c (main): Handle --help and --version

diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
index 6eb20b865c8aee485901cd2abb67cff60193daa8..aa404731f6b6b370016a1d2ffed4cca99e3f092c 100644 (file)
--- a/grub-core/lib/relocator.c
+++ b/grub-core/lib/relocator.c
@@ -764,6 +764,9 @@ malloc_in_range (struct grub_relocator *rel,
     int inreg = 0, regbeg = 0, ncol = 0;
 #if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
     int fwin = 0, fwb = 0, fwlefto = 0;
+#endif
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+    int last_lo = 0;
 #endif
     int last_start = 0;
     for (j = 0; j < N; j++)
@@ -855,7 +858,7 @@ malloc_in_range (struct grub_relocator *rel,
                      unsigned offend = alloc_end
                        % GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
                      struct grub_relocator_fw_leftover *lo
-                       = events[last_start].leftover;
+                       = events[last_lo].leftover;
                      lo->freebytes[offstart / 8]
                        &= ((1 << (8 - (start % 8))) - 1);
                      grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
@@ -910,6 +913,7 @@ malloc_in_range (struct grub_relocator *rel,
 #if GRUB_RELOCATOR_HAVE_LEFTOVERS
          case REG_LEFTOVER_START:
            fwlefto++;
+           last_lo = j;
            break;
 
          case REG_LEFTOVER_END:
@@ -1009,7 +1013,8 @@ malloc_in_range (struct grub_relocator *rel,
                        curschu->extra = ne;
                      }
                  }
-#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
                if (!oom && typepre == CHUNK_TYPE_FIRMWARE)
                  {
                    grub_addr_t fstart, fend;
@@ -1021,7 +1026,6 @@ malloc_in_range (struct grub_relocator *rel,
                      = ALIGN_UP (alloc_end,
                                  GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT);
 
-#if GRUB_RELOCATOR_HAVE_LEFTOVERS
                    {
                      struct grub_relocator_fw_leftover *lo1 = NULL;
                      struct grub_relocator_fw_leftover *lo2 = NULL;
@@ -1081,10 +1085,8 @@ malloc_in_range (struct grub_relocator *rel,
                      curschu->pre = lo1;
                      curschu->post = lo2;
                    }
-#endif
                  }
 
-#if GRUB_RELOCATOR_HAVE_LEFTOVERS
                if (typepre == CHUNK_TYPE_LEFTOVER)
                  {
                    curschu->pre = events[last_start].leftover;
@@ -1092,7 +1094,6 @@ malloc_in_range (struct grub_relocator *rel,
                  }
 #endif
 
-#endif
                if (!oom)
                  cural++;
                else