From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-commits+bounces-226151-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Ngh85-0006hn-IS
	for garchives@archives.gentoo.org; Sun, 14 Feb 2010 16:15:29 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1A7BDE08A6;
	Sun, 14 Feb 2010 16:15:24 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id ED979E08A6
	for <gentoo-commits@lists.gentoo.org>; Sun, 14 Feb 2010 16:15:23 +0000 (UTC)
Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTP id 90DE21B436B
	for <gentoo-commits@lists.gentoo.org>; Sun, 14 Feb 2010 16:15:23 +0000 (UTC)
Received: from vapier by stork.gentoo.org with local (Exim 4.69)
	(envelope-from <vapier@gentoo.org>)
	id 1Ngh7z-0002Bb-0i
	for gentoo-commits@lists.gentoo.org; Sun, 14 Feb 2010 16:15:23 +0000
From: "Mike Frysinger (vapier)" <vapier@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, vapier@gentoo.org
Subject: [gentoo-commits] gentoo commit in src/patchsets/grub/0.97: 011_all_grub-0.97-varargs.patch
X-VCS-Repository: gentoo
X-VCS-Files: 011_all_grub-0.97-varargs.patch
X-VCS-Directories: src/patchsets/grub/0.97
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
Content-Type: text/plain; charset=utf8
Message-Id: <E1Ngh7z-0002Bb-0i@stork.gentoo.org>
Sender: Mike Frysinger <vapier@stork.gentoo.org>
Date: Sun, 14 Feb 2010 16:15:23 +0000
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 6ebfc837-b3e4-47d7-840f-92902cdf6c4a
X-Archives-Hash: e8c91f91af4a71b87269bf48c9a84ba3

vapier      10/02/14 16:15:23

  Added:                011_all_grub-0.97-varargs.patch
  Log:
  use proper vararg processing to avoid segfaults on hardened systems #27=
9536

Revision  Changes    Path
1.1                  src/patchsets/grub/0.97/011_all_grub-0.97-varargs.pa=
tch

file : http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/grub/0.9=
7/011_all_grub-0.97-varargs.patch?rev=3D1.1&view=3Dmarkup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/grub/0.9=
7/011_all_grub-0.97-varargs.patch?rev=3D1.1&content-type=3Dtext/plain

Index: 011_all_grub-0.97-varargs.patch
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
https://bugs.gentoo.org/279536

use proper vararg functions instead of trying to walk the stack ourselves

patch by Anthony Basile <basile@opensource.dyc.edu>

--- grub-0.97/stage2/char_io.c
+++ grub-0.97/stage2/char_io.c
@@ -20,6 +20,7 @@
=20
 #include <shared.h>
 #include <term.h>
+#include <stdarg.h>
=20
 #ifdef SUPPORT_HERCULES
 # include <hercules.h>
@@ -178,10 +179,11 @@
 void
 grub_printf (const char *format,...)
 {
-  int *dataptr =3D (int *) &format;
+  va_list ap ;
+  va_start(ap, format);
+
   char c, str[16];
  =20
-  dataptr++;
=20
   while ((c =3D *(format++)) !=3D 0)
     {
@@ -196,17 +198,17 @@
 	  case 'X':
 #endif
 	  case 'u':
-	    *convert_to_ascii (str, c, *((unsigned long *) dataptr++)) =3D 0;
+	    *convert_to_ascii (str, c, va_arg(ap, unsigned long)) =3D 0;
 	    grub_putstr (str);
 	    break;
=20
 #ifndef STAGE1_5
 	  case 'c':
-	    grub_putchar ((*(dataptr++)) & 0xff);
+	    grub_putchar (va_arg(ap, char) & 0xff);
 	    break;
=20
 	  case 's':
-	    grub_putstr ((char *) *(dataptr++));
+	    grub_putstr (va_arg(ap, char *));
 	    break;
 #endif
 	  }
@@ -219,12 +221,12 @@
 {
   /* XXX hohmuth
      ugly hack -- should unify with printf() */
-  int *dataptr =3D (int *) &format;
+  va_list ap ;
+  va_start(ap, format);
+
   char c, *ptr, str[16];
   char *bp =3D buffer;
=20
-  dataptr++;
-
   while ((c =3D *format++) !=3D 0)
     {
       if (c !=3D '%')
@@ -233,7 +235,7 @@
 	switch (c =3D *(format++))
 	  {
 	  case 'd': case 'u': case 'x':
-	    *convert_to_ascii (str, c, *((unsigned long *) dataptr++)) =3D 0;
+	    *convert_to_ascii (str, c, va_arg(ap, unsigned long)) =3D 0;
=20
 	    ptr =3D str;
=20
@@ -241,12 +243,12 @@
 	      *bp++ =3D *(ptr++); /* putchar(*(ptr++)); */
 	    break;
=20
-	  case 'c': *bp++ =3D (*(dataptr++))&0xff;
-	    /* putchar((*(dataptr++))&0xff); */
+	  case 'c': *bp++ =3D va_arg(ap, char) & 0xff;
+	    /* putchar (va_arg(ap, char) & 0xff); */
 	    break;
=20
 	  case 's':
-	    ptr =3D (char *) (*(dataptr++));
+	    ptr =3D va_arg(ap, char *);
=20
 	    while ((c =3D *ptr++) !=3D 0)
 	      *bp++ =3D c; /* putchar(c); */