diff options
author | H. Peter Anvin <hpa@linux.intel.com> | 2010-06-21 15:14:45 -0700 |
---|---|---|
committer | H. Peter Anvin <hpa@linux.intel.com> | 2010-06-21 15:14:45 -0700 |
commit | 079300e7afce204191279ea56ba9cb7592ec28c8 (patch) | |
tree | c71c964505b57ecdee7ce3e546468c1e7c73e55a /core/adv.inc | |
parent | 837c24157e599cff5d6ed2cc2af1891aaed77a65 (diff) | |
download | syslinux-079300e7afce204191279ea56ba9cb7592ec28c8.tar.gz |
core, adv: for CHS mode, the top 40 LBA bits must be zero
The top 40 bits of the LBA must be zero on CHS mode. Enforce this,
and also fix leak of the drive number into a divide instruction with
resulting overflow.
Reported-by: Gert Hulselmans <gerth@zytor.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Diffstat (limited to 'core/adv.inc')
-rw-r--r-- | core/adv.inc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/adv.inc b/core/adv.inc index 76da5047..0b45a6c7 100644 --- a/core/adv.inc +++ b/core/adv.inc @@ -407,6 +407,9 @@ adv_read_write: push eax push bp + and edx,edx ; > 2 TiB not possible + jnz .cb_overflow + mov dl,[ADVDrive] and dl,dl ; Floppies: can't trust INT 13h 08h, we better know @@ -443,6 +446,7 @@ adv_read_write: ; Dividing by sectors to get (track,sector): we may have ; up to 2^18 tracks, so we need to use 32-bit arithmetric. ; + xor edx,edx div esi xor cx,cx xchg cx,dx ; CX <- sector index (0-based) |