On 2013-04-08 14:07, Wang YanQing wrote:
> On Mon, Apr 08, 2013 at 12:33:40PM +0800, Zhang Yanfei wrote:
>> I think this is OK, since we have filled the whole real_mode buffer with 0.
> I don't think so; something must be wrong. If we had filled the whole
> real_mode buffer with 0, why would we need my patch to set the string
> termination guard '\0'?

real_mode = kernel16 buf + commandline + purgatory commandline.

At first, we filled the whole real_mode buffer with 0, then we assigned
values to the kernel16 buf at the head of real_mode. Next, we copied the
commandline just after the kernel16 buf. Usually, when we copy a string
into a buffer, we set the string termination guard '\0' right after the
string in the buffer for safety, I think.

With your patch, if we have no commandline, we just assign '\0' to it.
It prevents the problems below from happening:

In setup_linux_bootloader_parameters_high:

120         cmdline_ptr = ((char *)real_mode) + cmdline_offset;
121         memcpy(cmdline_ptr, cmdline, cmdline_len);
122         cmdline_ptr[cmdline_len - 1] = '\0';

If cmdline_len == 0, line 122 will corrupt the kernel16 buf just before
the commandline.

And in do_bzImage_load, for example:

369         cmdline_end = setup_base + kern16_size_needed + command_line_len - 1;
370         elf_rel_set_symbol(&info->rhdr, "cmdline_end", &cmdline_end,
371                            sizeof(unsigned long));

Line 369 will go wrong, too.

> '\0' equals zero, right?

Yeah, if we write '\0', the value stored into the char buf is zero, I think.

Please correct me if I am wrong.

Thanks
Zhang
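The following is an added example, not code from this thread or from kexec-tools. It models the real_mode layout Zhang describes (a kernel16 buf followed by the command line) and reproduces both problems: with cmdline_len == 0, the terminator store from line 122 lands one byte before the command line, inside the kernel16 buf, and the cmdline_end arithmetic from line 369 yields an address before the command line starts. The guarded variant does what the patch under discussion does, treating a missing command line as the one-byte string "\0". Every name and size in it (place_cmdline_unguarded, place_cmdline_guarded, KERN16_SIZE, HEADER_FILL and so on) is invented for the illustration.

```c
/*
 * Added example, not kexec-tools code: a model of the real_mode buffer
 * (kernel16 buf followed by the command line) showing what happens at
 * "cmdline_ptr[cmdline_len - 1] = '\0'" when cmdline_len == 0, and the
 * fix of treating a missing command line as the one-byte string "\0".
 * All names and sizes here are invented for the illustration.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KERN16_SIZE    64                       /* stand-in kernel16 buf size     */
#define CMDLINE_MAX    32                       /* room reserved for commandline  */
#define REAL_MODE_SIZE (KERN16_SIZE + CMDLINE_MAX)
#define HEADER_FILL    0xAA                     /* marker so corruption is visible */

/* Same steps as lines 120-122 of setup_linux_bootloader_parameters_high.
 * cmdline_len is signed here so the bad index is visibly -1. */
static void place_cmdline_unguarded(unsigned char *real_mode, size_t cmdline_offset,
                                    const char *cmdline, long cmdline_len)
{
    char *cmdline_ptr = (char *)real_mode + cmdline_offset;
    memcpy(cmdline_ptr, cmdline, (size_t)cmdline_len);
    cmdline_ptr[cmdline_len - 1] = '\0';        /* cmdline_ptr[-1] when len == 0 */
}

/* Guarded variant: no command line becomes "" with length 1, so the
 * terminator is always written inside the command line area.
 * Returns the length actually placed. */
static long place_cmdline_guarded(unsigned char *real_mode, size_t cmdline_offset,
                                  const char *cmdline, long cmdline_len)
{
    char *cmdline_ptr = (char *)real_mode + cmdline_offset;
    if (cmdline == NULL || cmdline_len <= 0) {
        cmdline = "";
        cmdline_len = 1;
    }
    memcpy(cmdline_ptr, cmdline, (size_t)cmdline_len);
    cmdline_ptr[cmdline_len - 1] = '\0';
    return cmdline_len;
}

/* Fill the stand-in buffer the way the thread describes: zero everything,
 * then "fill in" the kernel16 buf (here with a marker byte). */
static void prepare_real_mode(unsigned char *real_mode)
{
    memset(real_mode, 0, REAL_MODE_SIZE);
    memset(real_mode, HEADER_FILL, KERN16_SIZE);
}

/* Returns 1 if an empty command line makes the unguarded copy clobber the
 * last byte of the kernel16 buf. */
int header_corrupted_by_empty_cmdline(void)
{
    unsigned char real_mode[REAL_MODE_SIZE];
    prepare_real_mode(real_mode);
    place_cmdline_unguarded(real_mode, KERN16_SIZE, "", 0);
    return real_mode[KERN16_SIZE - 1] != HEADER_FILL;
}

/* Returns 1 if the guarded copy leaves the kernel16 buf intact and puts the
 * terminator as the first byte of the command line area. */
int guarded_copy_is_safe(void)
{
    unsigned char real_mode[REAL_MODE_SIZE];
    prepare_real_mode(real_mode);
    long placed = place_cmdline_guarded(real_mode, KERN16_SIZE, NULL, 0);
    return placed == 1
        && real_mode[KERN16_SIZE - 1] == HEADER_FILL
        && real_mode[KERN16_SIZE] == '\0';
}

/* Same arithmetic as line 369 of do_bzImage_load. Returns 1 if the computed
 * cmdline_end lies before the start of the command line, i.e. inside the
 * kernel16 buf, which is what happens when command_line_len == 0. */
int cmdline_end_points_into_header(unsigned long setup_base,
                                   unsigned long kern16_size_needed,
                                   unsigned long command_line_len)
{
    unsigned long cmdline_end = setup_base + kern16_size_needed + command_line_len - 1;
    return cmdline_end < setup_base + kern16_size_needed;
}

int main(void)
{
    printf("unguarded copy with len 0 corrupts kernel16 buf: %d\n",
           header_corrupted_by_empty_cmdline());
    printf("guarded copy keeps kernel16 buf intact:          %d\n",
           guarded_copy_is_safe());
    printf("cmdline_end before command line when len == 0:   %d\n",
           cmdline_end_points_into_header(0x90000, 0x1000, 0));
    return 0;
}
```

The marker byte in the kernel16 area is only there to make the one-byte overwrite observable; in the real layout that byte is the tail of the setup header, which is why Zhang calls the result corruption rather than a harmless extra zero.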