From 0153498e9ce97fbf7329b590ddb7a373e33b12e6 Mon Sep 17 00:00:00 2001
From: "H. Peter Anvin" <hpa@linux.intel.com>
Date: Tue, 8 Jun 2010 14:37:14 -0700
Subject: [PATCH] mboot.c32: don't rely on possibly incomplete fields

Since load_end_addr and bss_end_addr may be incomplete, we can't
actually use them for information.  An alternative would be to
actually modify these fields in-memory, but it is unclear if that is
permitted by the spec.

Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
---
 com32/mboot/map.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/com32/mboot/map.c b/com32/mboot/map.c
index 537741e..0a71d4c 100644
--- a/com32/mboot/map.c
+++ b/com32/mboot/map.c
@@ -1,7 +1,7 @@
 /* ----------------------------------------------------------------------- *
  *
  *   Copyright 2007-2008 H. Peter Anvin - All Rights Reserved
- *   Copyright 2009 Intel Corporation; author: H. Peter Anvin
+ *   Copyright 2009-2010 Intel Corporation; author: H. Peter Anvin
  *
  *   Permission is hereby granted, free of charge, to any person
  *   obtaining a copy of this software and associated documentation
@@ -169,7 +169,7 @@ struct multiboot_header *map_image(void *ptr, size_t len)
 
 	for (i = 0; i < eh->e_phnum; i++) {
 	    if (ph->p_type == PT_LOAD || ph->p_type == PT_PHDR) {
-		/* 
+		/*
 		 * This loads at p_paddr, which matches Grub.  However, if
 		 * e_entry falls within the p_vaddr range of this PHDR, then
 		 * adjust it to match the p_paddr range... this is how Grub
@@ -272,16 +272,19 @@ struct multiboot_header *map_image(void *ptr, size_t len)
 	 */
 	char *data_ptr;
 	addr_t data_len, bss_len;
+	addr_t bss_addr;
 
 	regs.eip = mbh->entry_addr;
 
 	data_ptr = (char *)mbh - (mbh->header_addr - mbh->load_addr);
-	
+
 	if (mbh->load_end_addr)
 	    data_len = mbh->load_end_addr - mbh->load_addr;
 	else
 	    data_len = len - mbh_offset + (mbh->header_addr - mbh->load_addr);
 
+	bss_addr = mbh->load_addr + data_len;
+
 	if (mbh->bss_end_addr)
 	    bss_len = mbh->bss_end_addr - mbh->load_end_addr;
 	else
@@ -306,12 +309,12 @@ struct multiboot_header *map_image(void *ptr, size_t len)
 	    }
 	if (bss_len)
 	    if (syslinux_add_memmap
-		(&mmap, mbh->load_end_addr, bss_len, SMT_ZERO)) {
+		(&mmap, bss_addr, bss_len, SMT_ZERO)) {
 		error("Failed to map a.out bss\n");
 		return NULL;
 	    }
-	if (mbh->bss_end_addr > mboot_high_water_mark)
-	    mboot_high_water_mark = mbh->bss_end_addr;
+	if (bss_addr + bss_len > mboot_high_water_mark)
+	    mboot_high_water_mark = bss_addr + bss_len;
     } else {
 	error
 	    ("Invalid Multiboot image: neither ELF header nor a.out kludge found\n");
-- 
2.7.4