https://git.reactos.org/?p=reactos.git;a=commitdiff;h=31aca248a1a94cb3ae1d8b...

commit 31aca248a1a94cb3ae1d8b6dad5c97ad43e61ab3 Author: Stanislav Motylkov x86corez@gmail.com AuthorDate: Thu Jul 18 23:49:11 2019 +0300 Commit: Hermès BÉLUSCA - MAÏTO hermes.belusca-maito@reactos.org CommitDate: Thu Jul 18 22:49:11 2019 +0200

[FREELDR] hwdisk: Add sanity checks to avoid infinite loop (#1731)

CORE-16204 CORE-16205 --- boot/freeldr/freeldr/arch/i386/hwdisk.c | 13 +++++++++++++ 1 file changed, 13 insertions(+)

diff --git a/boot/freeldr/freeldr/arch/i386/hwdisk.c b/boot/freeldr/freeldr/arch/i386/hwdisk.c index a254aeeaa70..826780a07fb 100644 --- a/boot/freeldr/freeldr/arch/i386/hwdisk.c +++ b/boot/freeldr/freeldr/arch/i386/hwdisk.c @@ -82,6 +82,13 @@ DiskOpen(CHAR* Path, OPENMODE OpenMode, ULONG* FileId) PARTITION_TABLE_ENTRY PartitionTableEntry; CHAR FileName[1];

+ if (DiskReadBufferSize == 0) + { + ERR("DiskOpen(): DiskReadBufferSize is 0, something is wrong.\n"); + ASSERT(FALSE); + return ENOMEM; + } + if (!DissectArcPath(Path, FileName, &DriveNumber, &DrivePartition)) return EINVAL;

@@ -139,10 +146,16 @@ DiskRead(ULONG FileId, VOID* Buffer, ULONG N, ULONG* Count) BOOLEAN ret; ULONGLONG SectorOffset;

+ ASSERT(DiskReadBufferSize > 0); + TotalSectors = (N + Context->SectorSize - 1) / Context->SectorSize; MaxSectors = DiskReadBufferSize / Context->SectorSize; SectorOffset = Context->SectorNumber + Context->SectorOffset;

+ // If MaxSectors is 0, this will lead to infinite loop + // In release builds assertions are disabled, however we also have sanity checks in DiskOpen() + ASSERT(MaxSectors > 0); + ret = TRUE;

while (TotalSectors)