From 2cccc747acc482e710e3dd23c672ce6151fd59e9 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 1 Apr 2011 17:04:10 +0100 Subject: [PATCH] Store the loopback device as data on loopback grub_disk structures, rather than the file it points to. This fixes use of freed memory if an existing loopback device is replaced. * grub-core/disk/loopback.c (grub_loopback_open): Store dev in disk->data, not dev->file. (grub_loopback_read): Adjust file assignment to match. Fixes Ubuntu bug #742967. --- ChangeLog | 11 +++++++++++ grub-core/disk/loopback.c | 4 ++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 512b61cac..fb6875c69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2011-04-01 Colin Watson + + Store the loopback device as data on loopback grub_disk structures, + rather than the file it points to. This fixes use of freed memory + if an existing loopback device is replaced. + + * grub-core/disk/loopback.c (grub_loopback_open): Store dev in + disk->data, not dev->file. + (grub_loopback_read): Adjust file assignment to match. + Fixes Ubuntu bug #742967. + 2011-04-01 Colin Watson * grub-core/disk/loopback.c (grub_cmd_loopback): Fix a memory leak diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c index 02e6c164f..939043f01 100644 --- a/grub-core/disk/loopback.c +++ b/grub-core/disk/loopback.c @@ -162,7 +162,7 @@ grub_loopback_open (const char *name, grub_disk_t disk) disk->total_sectors = GRUB_DISK_SIZE_UNKNOWN; disk->id = (unsigned long) dev; - disk->data = dev->file; + disk->data = dev; return 0; } @@ -171,7 +171,7 @@ static grub_err_t grub_loopback_read (grub_disk_t disk, grub_disk_addr_t sector, grub_size_t size, char *buf) { - grub_file_t file = (grub_file_t) disk->data; + grub_file_t file = ((struct grub_loopback *) disk->data)->file; grub_off_t pos; grub_file_seek (file, sector << GRUB_DISK_SECTOR_BITS);