From 365fd745d62e9fdc43b22a0a1916c595749eb575 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Mon, 23 Sep 2013 21:12:41 +0200
Subject: [PATCH 1/3] 9bootfat: only check for fat at block 0 on floppy drives (thanks aap) smart boot manager has a "FAT" signature in its mbr causing 9bootfat to "detect" it as a fat filesystem and then fails to find plan9.ini. there shouldnt be a fat filesystem on harddrives at block 0, only on floppy drives. but some bioses use floppy drive numbers for usb harddrives so still check for a partition table. thanks aap for debugging this.
---
 sys/src/boot/pc/fat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/src/boot/pc/fat.c b/sys/src/boot/pc/fat.c
index 7b90234b4..99218d155 100644
--- a/sys/src/boot/pc/fat.c
+++ b/sys/src/boot/pc/fat.c
@@ -339,7 +339,7 @@ findfat(Fat *fat, int drive, ulong xbase, ulong lba)
 return -1;
 if(buf[0x1fe] != 0x55 || buf[0x1ff] != 0xAA)
 return -1;
- if(lba == 0){
+ if(lba == 0 && (drive & 0x80) == 0){ /* floppy */
 fat->drive = drive;
 fat->partlba = 0;
 if(!conffat(fat, buf))
From 62b3eea2715a9e67cdb0873faa0d802344bf7683 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Tue, 24 Sep 2013 01:52:20 +0200
Subject: [PATCH 2/3] syssem*: eleminate redundant validaddr() checks validaddr looks up the segments for an address range and checks the flags and if the address range lies within bounds on the segments. as we'r going to lookup the segment in the syssem* syscalls anyway, we can do the checks ourselfs avoiding the double segment array lookups. the implication of this tho is that now a semaphore cannot span multiple segments. but this would be highly unusual given that segments are page aligned.
---
 sys/src/9/port/sysproc.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/sys/src/9/port/sysproc.c b/sys/src/9/port/sysproc.c
index 9f670a5a0..fbad6942f 100644
--- a/sys/src/9/port/sysproc.c
+++ b/sys/src/9/port/sysproc.c
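Review bot: In findfat() (sys/src/boot/pc/fat.c) the added test `(drive & 0x80) == 0` means a FAT volume that starts at block 0 of a device the BIOS numbers 0x80 or higher is no longer probed, so unpartitioned media enumerated as a hard disk would depend entirely on the partition-table path, which lies outside this hunk. If that trade-off is intended, the `/* floppy */` comment should record it, for example `/* BIOS drive numbers below 0x80 are floppies; a hard-disk MBR can carry a stray "FAT" string */`. Going by the commit message, the false positive comes from how conffat() recognises a FAT boot sector; that function is not visible here, and tightening its check would address the cause rather than this one symptom.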
@@ -1109,13 +1109,15 @@ syssemacquire(ulong *arg)
 long *addr;
 Segment *s;
- validaddr(arg[0], sizeof(long), 1);
 evenaddr(arg[0]);
 addr = (long*)arg[0];
 block = arg[1];
-
- if((s = seg(up, (ulong)addr, 0)) == nil)
+
+ s = seg(up, (ulong)addr, 0);
+ if(s == nil || (s->type&SG_RONLY) != 0 || (ulong)addr+sizeof(long) > s->top){
+ validaddr((ulong)addr, sizeof(long), 1);
 error(Ebadarg);
+ }
 if(*addr < 0)
 error(Ebadarg);
 return semacquire(s, addr, block);
@@ -1128,13 +1130,15 @@ systsemacquire(ulong *arg)
 ulong ms;
 Segment *s;
- validaddr(arg[0], sizeof(long), 1);
 evenaddr(arg[0]);
 addr = (long*)arg[0];
 ms = arg[1];
- if((s = seg(up, (ulong)addr, 0)) == nil)
+ s = seg(up, (ulong)addr, 0);
+ if(s == nil || (s->type&SG_RONLY) != 0 || (ulong)addr+sizeof(long) > s->top){
+ validaddr((ulong)addr, sizeof(long), 1);
 error(Ebadarg);
+ }
 if(*addr < 0)
 error(Ebadarg);
 return tsemacquire(s, addr, ms);
@@ -1146,13 +1150,15 @@ syssemrelease(ulong *arg)
 long *addr, delta;
 Segment *s;
- validaddr(arg[0], sizeof(long), 1);
 evenaddr(arg[0]);
 addr = (long*)arg[0];
 delta = arg[1];
- if((s = seg(up, (ulong)addr, 0)) == nil)
+ s = seg(up, (ulong)addr, 0);
+ if(s == nil || (s->type&SG_RONLY) != 0 || (ulong)addr+sizeof(long) > s->top){
+ validaddr((ulong)addr, sizeof(long), 1);
 error(Ebadarg);
+ }
 /* delta == 0 is a no-op, not a release */
 if(delta < 0 || *addr < 0)
 error(Ebadarg);
From cafcffb1dce89b7e10ddd9149e4b0928ac2b9b38 Mon Sep 17 00:00:00 2001
From: jpathy
Date: Tue, 24 Sep 2013 15:50:35 -0700
Subject: [PATCH 3/3] fix null dereference crash in mothra
---
 sys/src/cmd/mothra/mothra.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sys/src/cmd/mothra/mothra.c b/sys/src/cmd/mothra/mothra.c
index c6457f547..29e9219fd 100644
--- a/sys/src/cmd/mothra/mothra.c
+++ b/sys/src/cmd/mothra/mothra.c
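Review bot: The bound test `(ulong)addr+sizeof(long) > s->top` in syssemacquire (sys/src/9/port/sysproc.c), repeated verbatim in systsemacquire and syssemrelease, can wrap when addr lies within sizeof(long) of the top of the address space, and a wrapped sum would pass the range check. seg() is outside the hunk, but if it only returns a segment that contains addr, the subtraction form `s->top - (ulong)addr < sizeof(long)` expresses the same limit without overflow. The validaddr() call that now sits inside the failure branch is not self-explanatory; a comment such as `/* let validaddr report a bad address its usual way; a valid range that spans segments gets Ebadarg */` would record the intent, assuming that is why it was kept. Since these syscalls act on a user-supplied address, the three identical checks would be easier to audit as one static helper.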
@@ -1016,9 +1016,11 @@ mothon(Www *w, int on)
 plrtstr(&t->next, 0, 0, t->font, strdup("->"), PL_HOT, ap);
 t->next->next = x;
 } else {
- t->next = x->next;
- x->next = nil;
- freetext(x);
+ if(x) {
+ t->next = x->next;
+ x->next = nil;
+ freetext(x);
+ }
 }
 }
 updtext(w);
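Review bot: The new `if(x)` guard in mothon() (sys/src/cmd/mothra/mothra.c) stops the crash but does not say which state leaves x nil in the else branch, so it reads as a blanket fix. x is assigned before the hunk starts, so a one-line comment above the guard naming that case would help the next reader judge whether skipping the unlink is correct or hides an earlier inconsistency. The nested block can also be flattened to `} else if(x != nil) {`, which matches the `nil` already used in `x->next = nil` and drops a brace level. mothon's body begins and ends outside the hunk.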