mirror of
https://github.com/Zeal-Operating-System/ZealOS.git
synced 2024-12-25 15:10:28 +00:00
Fix zealbooter memmap kernel header buffer-overflow.
Previously the zealbooter memmap e820 assignment loop used the entry count value passed via limine, without checking if it was over MEM_E820_ENTRIES_NUM, the #define constant value limit of entries that are stored in the kernel header's e820 region. This commit bumps up the constant entry count to 64 from 48, and also adds a small check in zealbooter to ensure that the entry count value used in the memmap loop caps off at the constant value.
This commit is contained in:
parent
ad20a7a710
commit
8297c769e6
3 changed files with 19 additions and 8 deletions
|
@ -427,7 +427,7 @@ class CSysLimitBase
|
|||
};
|
||||
|
||||
#help_index "Memory/Info"
|
||||
#define MEM_E820_ENTRIES_NUM 48
|
||||
#define MEM_E820_ENTRIES_NUM 64
|
||||
#define MEM_E820t_USABLE 1
|
||||
#define MEM_E820t_RESERVED 2
|
||||
#define MEM_E820t_ACPI 3
|
||||
|
@ -4546,4 +4546,4 @@ class CProgress
|
|||
#define PRINTF_NEG_E 0x400
|
||||
#define PRINTF_NEG_AUX_FORMAT_NUM 0x800
|
||||
|
||||
#help_index ""
|
||||
#help_index ""
|
||||
|
|
|
@ -5,9 +5,6 @@ trampoline:
|
|||
// Set new stack
|
||||
mov %rdx, %rsp
|
||||
|
||||
// hlt
|
||||
// hlt
|
||||
|
||||
// Load GDTR
|
||||
lgdt (%rcx)
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@ struct CDate {
|
|||
int32_t date;
|
||||
} __attribute__((packed));
|
||||
|
||||
#define MEM_E820_ENTRIES_NUM 48
|
||||
#define MEM_E820_ENTRIES_NUM 64
|
||||
|
||||
#define MEM_E820T_USABLE 1
|
||||
#define MEM_E820T_RESERVED 2
|
||||
|
@ -243,8 +243,22 @@ void _start(void) {
|
|||
|
||||
kernel->mem_physical_space = 0;
|
||||
|
||||
size_t mem_count = 0;
|
||||
if (memmap_request.response->entry_count > MEM_E820_ENTRIES_NUM)
|
||||
{
|
||||
mem_count = MEM_E820_ENTRIES_NUM;
|
||||
// If limine hands us more regions than the constant, cap it off early instead of buffer overflowing into kernel headers.
|
||||
// This won't guarantee we'll get lucky with framebuffer placement passed via limine.
|
||||
// If the mem_count gets capped at the constant, the system should still boot fully (drive activity lights, reading compiler and code from disc, etc),
|
||||
// just possibly with no visible framebuffer. :^)
|
||||
}
|
||||
else
|
||||
{
|
||||
mem_count = memmap_request.response->entry_count;
|
||||
}
|
||||
|
||||
printf("memory map:\n");
|
||||
for (size_t i = 0; i < memmap_request.response->entry_count; i++) {
|
||||
for (size_t i = 0; i < mem_count; i++) {
|
||||
struct limine_memmap_entry *entry = memmap_request.response->entries[i];
|
||||
int our_type;
|
||||
|
||||
|
@ -293,7 +307,7 @@ void _start(void) {
|
|||
}
|
||||
printf("\n");
|
||||
|
||||
kernel->mem_E820[memmap_request.response->entry_count].type = 0;
|
||||
kernel->mem_E820[mem_count].type = 0;
|
||||
|
||||
kernel->mem_physical_space = align_up_u64(kernel->mem_physical_space, 0x200000);
|
||||
|
||||
|
|
Loading…
Reference in a new issue