Date: Mon, 12 Nov 2018 19:45:13 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 233180] Several errors in pmbr: 64-bits arithmetics and some others
Message-ID: <bug-233180-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233180

            Bug ID: 233180
           Summary: Several errors in pmbr: 64-bits arithmetics and some others
           Product: Base System
           Version: 11.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: kmachine@free.fr

These issues have low impact because they require precise circumstances to
trigger one of them. The disk must be > 2 TiB in size and either:

- The primary GPT header is damaged.
- The freebsd-boot partition is located farther than the first 2 TiB of the
  disc and one of its sectors takes place at a lba value that makes the higher
  32 bits of this very value change.

Errors and corrections follow:

* Lines 117 - 118

    main.3a:    decl (%si)              # 0x0(%si) = last sec (0-31)
                movw $2,%cx

  Should be:

    main.3a:    subl $1, (%si)          # 0x0(%si) = last sec (0-31)
                sbbl $0, 4(%si)
                movw $4,%cx

  -> Copies only two 16-bits words but it's a 64-bits value. Moreover,
     decrements this 64-bit value without care for a possible carry.

* Line 131

                movb $0x10,%cl
                repe cmpsb

  Should be:

                movw $0x10,%cx
                repe cmpsb

  -> It's CX the counter for repe not CL. It works as is but it's dangerous to
     keep that.

* Lines 153 - 154

    next_boot:  incl (%si)              # Next LBA
                adcl $0,4(%si)

  Should be:

    next_boot:  addl $1, (%si)          # Next LBA
                adcl $0,4(%si)

  -> inc instruction doesn't affect the carry flag.

* Lines 174 - 175

                incl GPT_ADDR+GPT_PART_LBA      # Next sector
                adcl $0,GPT_ADDR+GPT_PART_LBA+4

  Should be:

                addl $1, GPT_ADDR+GPT_PART_LBA
                adcl $0,GPT_ADDR+GPT_PART_LBA+4

  -> Same as before.

-- 
You are receiving this mail because:
You are the assignee for the bug.
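
The carry behaviour the report describes can be checked with a small C model of the flag semantics. This is an added example, not part of the bug report or of the FreeBSD source; the helper names and the `cf_in` parameter (the carry flag left by whatever ran earlier) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model: a 64-bit LBA held as two 32-bit halves, plus the carry flag (CF). */
struct cpu { uint32_t lo, hi; int cf; };

static struct cpu load(uint64_t lba, int cf) {
    struct cpu c = { (uint32_t)lba, (uint32_t)(lba >> 32), cf };
    return c;
}
static uint64_t value(const struct cpu *c) { return ((uint64_t)c->hi << 32) | c->lo; }

/* incl/decl change the operand but leave CF as it was. */
static void incl_lo(struct cpu *c) { c->lo += 1; }
static void decl_lo(struct cpu *c) { c->lo -= 1; }
/* addl $1 / subl $1 set CF on carry out of, or borrow into, the low half. */
static void addl1_lo(struct cpu *c) { c->cf = (c->lo == UINT32_MAX); c->lo += 1; }
static void subl1_lo(struct cpu *c) { c->cf = (c->lo == 0); c->lo -= 1; }
/* adcl $0 / sbbl $0 fold CF into the high half (resulting CF not modelled). */
static void adcl0_hi(struct cpu *c) { c->hi += (uint32_t)c->cf; }
static void sbbl0_hi(struct cpu *c) { c->hi -= (uint32_t)c->cf; }

/* Sequences quoted in the report. */
uint64_t next_lba_inc(uint64_t lba, int cf_in) {   /* incl ; adcl $0 */
    struct cpu c = load(lba, cf_in); incl_lo(&c); adcl0_hi(&c); return value(&c);
}
uint64_t next_lba_add(uint64_t lba, int cf_in) {   /* addl $1 ; adcl $0 */
    struct cpu c = load(lba, cf_in); addl1_lo(&c); adcl0_hi(&c); return value(&c);
}
uint64_t last_lba_dec(uint64_t lba) {              /* decl on the low half only */
    struct cpu c = load(lba, 0); decl_lo(&c); return value(&c);
}
uint64_t last_lba_sub(uint64_t lba) {              /* subl $1 ; sbbl $0 */
    struct cpu c = load(lba, 0); subl1_lo(&c); sbbl0_hi(&c); return value(&c);
}

int main(void) {
    uint64_t edge = 0x00000000FFFFFFFFULL;         /* last LBA below 2^32 */
    printf("incl/adcl, CF=0: %#llx\n", (unsigned long long)next_lba_inc(edge, 0));
    printf("addl/adcl, CF=0: %#llx\n", (unsigned long long)next_lba_add(edge, 0));
    printf("incl/adcl, CF=1: %#llx\n", (unsigned long long)next_lba_inc(5, 1));
    printf("decl only:       %#llx\n", (unsigned long long)last_lba_dec(0x100000000ULL));
    printf("subl/sbbl:       %#llx\n", (unsigned long long)last_lba_sub(0x100000000ULL));
    return 0;
}
```

With a clear incoming CF the `incl` form wraps to LBA 0 at the 2^32 boundary, and with a stale CF it bumps the high half on an ordinary increment; the `addl`/`subl` forms give the correct 64-bit result in both cases.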