Various improvements and fixes#300
Open
phip1611 wants to merge 13 commits into
baa7e33 to dd6c9b7
Dynamically sized structures trust their header-provided payload length when constructing the fat pointer. A tag that reports a total size larger than the available byte range must be rejected before that pointer is formed.
EFI memory map iteration casts the raw map buffer to EFI descriptors. Reject descriptor sizes that are too small or break descriptor alignment before constructing that iterator.
Indexed framebuffer tags encode the palette length inside the tag body. Validate that the declared palette fits in the remaining payload before creating the palette slice.
Multiboot2 headers must terminate the optional tag list with an end tag. Build generated headers with that terminator and fix the end-tag constructor to emit the correct tag type.
The chainloader must clear every byte between file size and memory size for loaded segments. Use write_bytes after checking the ELF segment sizes instead of writing the same destination byte repeatedly.
The integration utility crate provides its own allocator and panic handler for QEMU binaries. Let host tests use the standard test harness pieces so the crate can be checked in that configuration too.
Callers need to distinguish malformed reported sizes from the amount of data that was actually available. Carry both values in memory validation errors so higher-level parsers can preserve that context.
A checksum mismatch without values is hard to diagnose when scanning candidate headers. Preserve both the provided checksum and the calculated checksum in the public error.
The Multiboot2 specification requires the optional tag list to end with a terminator. Reject loaded headers that do not contain that final end tag instead of accepting a structurally incomplete header.
Header search should not return raw bytes from a narrow fixed window without validating the candidate. Scan the full Multiboot2 search range, reject malformed candidate sizes, and return the parsed header with its offset.
Boot information is a transparent reference wrapper around the validated dynamic structure. Derive equality so callers and tests can compare wrappers directly.
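The pattern the first, second, seventh and ninth commit messages describe (check a header-provided size against the bytes actually available before forming any slice or fat pointer, carry both the reported and the available size in the error, and refuse a tag list with no end tag) as an added illustration; this is not the multiboot2 crate's code and not taken from this PR. The tag layout (u32 type, u32 size, 8-byte alignment, end tag type 0 size 8) follows the Multiboot2 specification; the error and function names, the EFI descriptor minimum size of 40 bytes, and the sample buffers are assumptions constructed for the example.

```rust
use core::convert::TryInto;

/// Error that keeps both what the header claimed and what was really there,
/// so a higher-level parser can tell "malformed size" from "buffer too short".
#[derive(Debug, PartialEq, Eq)]
pub enum TagError {
    /// Fewer than 8 bytes remain: not even a type/size header fits.
    HeaderTooShort { available: usize },
    /// Declared size is below the 8-byte header or larger than the remaining bytes.
    BadSize { reported: u32, available: usize },
    /// The buffer ran out before a terminating end tag (type 0, size 8) was seen.
    MissingEndTag,
}

/// Hypothetical error for EFI memory-map descriptor checks (not the crate's type).
#[derive(Debug, PartialEq, Eq)]
pub enum MapError {
    BadDescriptorSize { reported: usize, minimum: usize, align: usize },
}

/// One tag borrowed from the buffer: the type and the payload after the 8-byte header.
#[derive(Debug, PartialEq, Eq)]
pub struct Tag<'a> {
    pub typ: u32,
    pub payload: &'a [u8],
}

/// Parse one tag from the front of `bytes`. Returns the tag and the number of
/// bytes consumed including padding up to the next 8-byte boundary.
pub fn parse_tag(bytes: &[u8]) -> Result<(Tag<'_>, usize), TagError> {
    if bytes.len() < 8 {
        return Err(TagError::HeaderTooShort { available: bytes.len() });
    }
    let typ = u32::from_le_bytes(bytes[0..4].try_into().unwrap());
    let size = u32::from_le_bytes(bytes[4..8].try_into().unwrap());
    // Validate the declared size BEFORE it is used to form a slice.
    let size_usize = size as usize;
    if size < 8 || size_usize > bytes.len() {
        return Err(TagError::BadSize { reported: size, available: bytes.len() });
    }
    let payload = &bytes[8..size_usize];
    // Tags are 8-byte aligned; the final tag may legitimately lack trailing padding.
    let consumed = ((size_usize + 7) & !7).min(bytes.len());
    Ok((Tag { typ, payload }, consumed))
}

/// Walk a whole tag list and require the end tag; a list that simply runs out
/// of bytes is rejected as structurally incomplete.
pub fn parse_tag_list(mut bytes: &[u8]) -> Result<Vec<Tag<'_>>, TagError> {
    let mut tags = Vec::new();
    loop {
        if bytes.is_empty() {
            return Err(TagError::MissingEndTag);
        }
        let (tag, consumed) = parse_tag(bytes)?;
        let is_end = tag.typ == 0 && tag.payload.is_empty();
        tags.push(tag);
        if is_end {
            return Ok(tags);
        }
        bytes = &bytes[consumed..];
    }
}

/// Assumed minimum size and alignment of an EFI memory descriptor
/// (u32 type + padding, u64 phys, u64 virt, u64 pages, u64 attributes = 40 bytes).
pub const EFI_DESC_MIN_SIZE: usize = 40;
pub const EFI_DESC_ALIGN: usize = 8;

/// Check the firmware-reported descriptor size before casting the raw map
/// buffer to descriptors. Returns how many whole descriptors the buffer holds.
pub fn efi_descriptor_count(desc_size: usize, map_len: usize) -> Result<usize, MapError> {
    if desc_size < EFI_DESC_MIN_SIZE || desc_size % EFI_DESC_ALIGN != 0 {
        return Err(MapError::BadDescriptorSize {
            reported: desc_size,
            minimum: EFI_DESC_MIN_SIZE,
            align: EFI_DESC_ALIGN,
        });
    }
    Ok(map_len / desc_size)
}

fn main() {
    // Constructed sample: one 4-byte payload tag (padded to 16) followed by an end tag.
    let good: [u8; 24] = [
        1, 0, 0, 0, 12, 0, 0, 0, 0xAA, 0xBB, 0xCC, 0xDD, 0, 0, 0, 0,
        0, 0, 0, 0, 8, 0, 0, 0,
    ];
    println!("{:?}", parse_tag_list(&good));
    // Constructed sample: header claims 100 bytes but only 8 are present.
    let oversized: [u8; 8] = [1, 0, 0, 0, 100, 0, 0, 0];
    println!("{:?}", parse_tag_list(&oversized));
}
```

The important property is the order of operations: the size is compared against `bytes.len()` while it is still an integer, and only then becomes a slice bound. Keeping `reported` and `available` in the error is what lets a caller scanning candidate headers log why a candidate was rejected instead of only that it was.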
Already in the prelude
No description provided.