https://git.reactos.org/?p=reactos.git;a=commitdiff;h=31aca248a1a94cb3ae1d8…
commit 31aca248a1a94cb3ae1d8b6dad5c97ad43e61ab3
Author: Stanislav Motylkov <x86corez(a)gmail.com>
AuthorDate: Thu Jul 18 23:49:11 2019 +0300
Commit: Hermès BÉLUSCA - MAÏTO <hermes.belusca-maito(a)reactos.org>
CommitDate: Thu Jul 18 22:49:11 2019 +0200
[FREELDR] hwdisk: Add sanity checks to avoid infinite loop (#1731)
CORE-16204 CORE-16205
---
boot/freeldr/freeldr/arch/i386/hwdisk.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/boot/freeldr/freeldr/arch/i386/hwdisk.c
b/boot/freeldr/freeldr/arch/i386/hwdisk.c
index a254aeeaa70..826780a07fb 100644
--- a/boot/freeldr/freeldr/arch/i386/hwdisk.c
+++ b/boot/freeldr/freeldr/arch/i386/hwdisk.c
@@ -82,6 +82,13 @@ DiskOpen(CHAR* Path, OPENMODE OpenMode, ULONG* FileId)
PARTITION_TABLE_ENTRY PartitionTableEntry;
CHAR FileName[1];
+ if (DiskReadBufferSize == 0)
+ {
+ ERR("DiskOpen(): DiskReadBufferSize is 0, something is wrong.\n");
+ ASSERT(FALSE);
+ return ENOMEM;
+ }
+
if (!DissectArcPath(Path, FileName, &DriveNumber, &DrivePartition))
return EINVAL;
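Review bot: The guard added at the top of DiskOpen rejects only `DiskReadBufferSize == 0`, but DiskRead (second hunk) computes `MaxSectors = DiskReadBufferSize / Context->SectorSize`, so a non-zero buffer smaller than the sector size still gives `MaxSectors == 0`. In release builds the new `ASSERT(MaxSectors > 0)` is compiled out, as the commit's own comment notes, so that case presumably still reaches the `while (TotalSectors)` loop with nothing to stop it at run time. A real check in DiskRead right after the division, for example `if (MaxSectors == 0) return ENOMEM;`, would cover both cases without depending on DiskOpen having been called with a sane buffer size. Both function bodies continue outside the hunks, so whether the sector size is validated elsewhere cannot be seen from here.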
@@ -139,10 +146,16 @@ DiskRead(ULONG FileId, VOID* Buffer, ULONG N, ULONG* Count)
BOOLEAN ret;
ULONGLONG SectorOffset;
+ ASSERT(DiskReadBufferSize > 0);
+
TotalSectors = (N + Context->SectorSize - 1) / Context->SectorSize;
MaxSectors = DiskReadBufferSize / Context->SectorSize;
SectorOffset = Context->SectorNumber + Context->SectorOffset;
+ // If MaxSectors is 0, this will lead to infinite loop
+ // In release builds assertions are disabled, however we also have sanity checks in
DiskOpen()
+ ASSERT(MaxSectors > 0);
+
ret = TRUE;
while (TotalSectors)