From: Will Sowerbutts
Date: Sun, 4 Jan 2015 22:47:20 +0000 (+0000)
Subject: Avoid infinite loops in mbr_parse() with faulty input
X-Git-Url: https://git.ndcode.org/public/gitweb.cgi?a=commitdiff_plain;h=f2f794c6dde3e15e05c505fd273bd0d48a41f7aa;p=FUZIX.git
Avoid infinite loops in mbr_parse() with faulty input
---
diff --git a/Kernel/dev/mbr.c b/Kernel/dev/mbr.c
index 1a90c805..7c1daea0 100644
--- a/Kernel/dev/mbr.c
+++ b/Kernel/dev/mbr.c
@@ -23,7 +23,7 @@ typedef struct {
 void mbr_parse(blkdev_t *blk, char letter)
 {
 boot_record_t *br;
- uint8_t i;
+ uint8_t i, maxbr = 50;
 uint32_t lba = 0, ep_offset = 0, br_offset = 0;
 uint8_t next = 0;
@@ -34,6 +34,10 @@ void mbr_parse(blkdev_t *blk, char letter)
 if(!blk->transfer(blk->drive_number, lba, br, true) || br->signature != MBR_SIGNATURE)
 break;
+ /* avoid an infinite loop where extended boot records form a loop */
+ if(--maxbr == 0)
+ break;
+
 if(next < 4 && lba != 0){
 /* we just loaded the first extended boot record */
 ep_offset = lba;
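Review bot: The cap in the declaration `uint8_t i, maxbr = 50;` is a bare number, and nothing at the declaration says what it bounds or why 50 was chosen. Since the boot record chain comes from the disk and is untrusted, I would name the limit and document it, for example `#define MBR_MAX_BOOT_RECORDS 50 /* upper bound on boot records read per device; the on-disk chain is untrusted */` followed by `uint8_t i, maxbr = MBR_MAX_BOOT_RECORDS;`. The rest of mbr_parse lies outside this hunk.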
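Review bot: The new guard `if(--maxbr == 0)` leaves the loop through the same silent `break` as a failed transfer or a bad signature, so a disk whose extended boot records loop back on themselves is indistinguishable from one whose chain simply ended. A diagnostic on this path would make a malformed or hostile partition table visible at mount time, e.g. `if(--maxbr == 0){ kprintf("mbr: boot record chain too long\n"); break; }`, assuming kprintf is usable in this file. The decrement also runs after the sector has been read, so the 50th record is fetched and then dropped and at most 49 are parsed, which the comment should state. The limit bounds the work but does not detect a cycle, so a valid chain longer than the cap is cut off the same way. The loop header and the code after the `break` are outside the hunk.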