core, adv: for CHS mode, the top 40 LBA bits must be zero

The top 40 bits of the LBA must be zero on CHS mode. Enforce this, and also fix leak of the drive number into a divide instruction with resulting overflow. Reported-by: Gert Hulselmans <gerth@zytor.com> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
author: H. Peter Anvin <hpa@linux.intel.com> 2010-06-21 15:14:45 -0700
committer: H. Peter Anvin <hpa@linux.intel.com> 2010-06-21 15:14:45 -0700
commit: 079300e7afce204191279ea56ba9cb7592ec28c8 (patch)
tree: c71c964505b57ecdee7ce3e546468c1e7c73e55a /core/adv.inc
parent: 837c24157e599cff5d6ed2cc2af1891aaed77a65 (diff)
download: syslinux-079300e7afce204191279ea56ba9cb7592ec28c8.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/core/adv.inc b/core/adv.inc
index 76da5047..0b45a6c7 100644
--- a/core/adv.inc
+++ b/core/adv.inc
@@ -407,6 +407,9 @@ adv_read_write:
 		push eax
 		push bp
 
+		and edx,edx			; > 2 TiB not possible
+		jnz .cb_overflow
+
 		mov dl,[ADVDrive]
 		and dl,dl
 		; Floppies: can't trust INT 13h 08h, we better know
@@ -443,6 +446,7 @@ adv_read_write:
                 ; Dividing by sectors to get (track,sector): we may have
                 ; up to 2^18 tracks, so we need to use 32-bit arithmetric.
                 ;
+		xor edx,edx
                 div esi
                 xor cx,cx
                 xchg cx,dx              ; CX <- sector index (0-based)
author	H. Peter Anvin <hpa@linux.intel.com>	2010-06-21 15:14:45 -0700
committer	H. Peter Anvin <hpa@linux.intel.com>	2010-06-21 15:14:45 -0700
commit	079300e7afce204191279ea56ba9cb7592ec28c8 (patch)
tree	c71c964505b57ecdee7ce3e546468c1e7c73e55a /core/adv.inc
parent	837c24157e599cff5d6ed2cc2af1891aaed77a65 (diff)
download	syslinux-079300e7afce204191279ea56ba9cb7592ec28c8.tar.gz