grub corrupts stack while installing stage1.5
Hitting the following error. During debugging confirmed that the "(hd0,0)/boot/grub/stage" string is really the "(hd0,0)/boot/grub/stage2" string but is getting corrupted.
Checking if "/boot/grub/stage1" exists... yes
Checking if "/boot/grub/stage2" exists... yes
Checking if "/boot/grub/fat_stage1_5" exists... yes
Running "embed /boot/grub/fat_stage1_5 (hd0)"... 17 sectors are embedded.
succeeded
Running "install /boot/grub/stage1 (hd0) (hd0)1+17 p (hd0,0)/boot/grub/stage /boot/grub/menu.lst"... failed
Error 15: File not found
The problem is that grub_strncat was unconditionally writing a '\0' into the destination string at the final offset based on the destination buffer length. Some callers of grub_strncat were passing in 256 as a hardcoded destination length for a 16-byte string, so we wound up writing a 0 into a random location on the stack which just happened to clobber the last character of the stage2 string path.
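The failure described above, reproduced as an added C example (not GRUB's source and not part of the original report). Both function bodies are an assumed reconstruction from the description, and the 16-byte destination and the stage2 path share one constructed array so the stray write is observable without leaving the object.

```c
#include <stdio.h>
#include <string.h>
#define FRAME_SIZE 288   /* constructed stand-in for a stack frame */
#define CLAIMED    256   /* hardcoded length from the report; real buffer is 16 */

static const char STAGE2[] = "(hd0,0)/boot/grub/stage2";

/* Assumed shape of the bug: a terminator is also stored at dst[n - 1],
 * whether or not the copy reached that far. */
static void strncat_unconditional(char *dst, const char *src, size_t n)
{
    size_t len = strlen(dst);
    while (len < n - 1 && *src)
        dst[len++] = *src++;
    dst[len] = '\0';
    dst[n - 1] = '\0';            /* stray write when n overstates the buffer */
}

/* Hardened: terminate only where the copied data ends. Callers must still
 * pass the true size (sizeof buf), or long input can overrun the buffer. */
static void strncat_bounded(char *dst, const char *src, size_t n)
{
    size_t len = strlen(dst);
    while (len + 1 < n && *src)
        dst[len++] = *src++;
    dst[len] = '\0';
}

/* One append with the overstated length. Returns 1 if the neighbouring path
 * is unchanged afterwards, and copies its final value into out. */
static int run_case(int hardened, char *out, size_t outsz)
{
    char frame[FRAME_SIZE] = {0};
    char *dst = frame;                                   /* 16-byte buffer */
    char *neighbour = frame + CLAIMED - strlen(STAGE2);  /* last char at 255 */
    strcpy(neighbour, STAGE2);
    strcpy(dst, "/boot");
    (hardened ? strncat_bounded : strncat_unconditional)(dst, "/grub", CLAIMED);
    snprintf(out, outsz, "%s", neighbour);
    return strcmp(neighbour, STAGE2) == 0;
}

int main(void)
{
    char out[64];
    for (int h = 0; h <= 1; h++)
        printf("hardened=%d intact=%d path=%s\n", h, run_case(h, out, sizeof out), out);
    return 0;
}
```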
Updated by Electric Monk over 6 years ago
Author: Jerry Jelinek <email@example.com>
4659 grub corrupts stack while installing stage1.5
Reviewed by: Dan McDonald <firstname.lastname@example.org>
Approved by: Garrett D'Amore <email@example.com>