mirror of
https://github.com/Zeal-Operating-System/ZealOS.git
synced 2025-01-13 16:16:31 +00:00
Fix zealbooter memmap kernel header buffer-overflow.
Previously the zealbooter memmap e820 assignment loop used the entry count value passed via limine, without checking if it was over MEM_E820_ENTRIES_NUM, the #define constant value limit of entries that are stored in the kernel header's e820 region. This commit bumps up the constant entry count to 64 from 48, and also adds a small check in zealbooter to ensure that the entry count value used in the memmap loop caps off at the constant value.
This commit is contained in:
parent
ad20a7a710
commit
8297c769e6
3 changed files with 19 additions and 8 deletions
|
@ -427,7 +427,7 @@ class CSysLimitBase
|
||||||
};
|
};
|
||||||
|
|
||||||
#help_index "Memory/Info"
|
#help_index "Memory/Info"
|
||||||
#define MEM_E820_ENTRIES_NUM 48
|
#define MEM_E820_ENTRIES_NUM 64
|
||||||
#define MEM_E820t_USABLE 1
|
#define MEM_E820t_USABLE 1
|
||||||
#define MEM_E820t_RESERVED 2
|
#define MEM_E820t_RESERVED 2
|
||||||
#define MEM_E820t_ACPI 3
|
#define MEM_E820t_ACPI 3
|
||||||
|
|
|
@ -5,9 +5,6 @@ trampoline:
|
||||||
// Set new stack
|
// Set new stack
|
||||||
mov %rdx, %rsp
|
mov %rdx, %rsp
|
||||||
|
|
||||||
// hlt
|
|
||||||
// hlt
|
|
||||||
|
|
||||||
// Load GDTR
|
// Load GDTR
|
||||||
lgdt (%rcx)
|
lgdt (%rcx)
|
||||||
|
|
||||||
|
|
|
@ -44,7 +44,7 @@ struct CDate {
|
||||||
int32_t date;
|
int32_t date;
|
||||||
} __attribute__((packed));
|
} __attribute__((packed));
|
||||||
|
|
||||||
#define MEM_E820_ENTRIES_NUM 48
|
#define MEM_E820_ENTRIES_NUM 64
|
||||||
|
|
||||||
#define MEM_E820T_USABLE 1
|
#define MEM_E820T_USABLE 1
|
||||||
#define MEM_E820T_RESERVED 2
|
#define MEM_E820T_RESERVED 2
|
||||||
|
@ -243,8 +243,22 @@ void _start(void) {
|
||||||
|
|
||||||
kernel->mem_physical_space = 0;
|
kernel->mem_physical_space = 0;
|
||||||
|
|
||||||
|
size_t mem_count = 0;
|
||||||
|
if (memmap_request.response->entry_count > MEM_E820_ENTRIES_NUM)
|
||||||
|
{
|
||||||
|
mem_count = MEM_E820_ENTRIES_NUM;
|
||||||
|
// If limine hands us more regions than the constant, cap it off early instead of buffer overflowing into kernel headers.
|
||||||
|
// This won't guarantee we'll get lucky with framebuffer placement passed via limine.
|
||||||
|
// If the mem_count gets capped at the constant, the system should still boot fully (drive activity lights, reading compiler and code from disc, etc),
|
||||||
|
// just possibly with no visible framebuffer. :^)
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
mem_count = memmap_request.response->entry_count;
|
||||||
|
}
|
||||||
|
|
||||||
printf("memory map:\n");
|
printf("memory map:\n");
|
||||||
for (size_t i = 0; i < memmap_request.response->entry_count; i++) {
|
for (size_t i = 0; i < mem_count; i++) {
|
||||||
struct limine_memmap_entry *entry = memmap_request.response->entries[i];
|
struct limine_memmap_entry *entry = memmap_request.response->entries[i];
|
||||||
int our_type;
|
int our_type;
|
||||||
|
|
||||||
|
@ -293,7 +307,7 @@ void _start(void) {
|
||||||
}
|
}
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
kernel->mem_E820[memmap_request.response->entry_count].type = 0;
|
kernel->mem_E820[mem_count].type = 0;
|
||||||
|
|
||||||
kernel->mem_physical_space = align_up_u64(kernel->mem_physical_space, 0x200000);
|
kernel->mem_physical_space = align_up_u64(kernel->mem_physical_space, 0x200000);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue