From 122fae58a8979b19145f713b6793122484d050ee8008f3d127e15cfa871af907 Mon Sep 17 00:00:00 2001
From: Steffen Winterfeldt
Date: Mon, 11 Aug 2014 13:53:17 +0000
Subject: [PATCH] - fix memory corruption due to wrong fs cache initialisation (bnc #884181)
OBS-URL: https://build.opensuse.org/package/show/system:install:head/syslinux?expand=0&rev=66
---
 syslinux-4.04-cache_fix.diff | 36 ++++++++++++++++++++++++++++++++++++
 syslinux.changes | 5 +++++
 syslinux.spec | 2 ++
 3 files changed, 43 insertions(+)
 create mode 100644 syslinux-4.04-cache_fix.diff
diff --git a/syslinux-4.04-cache_fix.diff b/syslinux-4.04-cache_fix.diff
new file mode 100644
index 0000000..02c27ee
--- /dev/null
+++ b/syslinux-4.04-cache_fix.diff
@@ -0,0 +1,36 @@
+commit 0a0e0e41cad93cd16c323cf16f40264a21eedd6c
+Author: H. Peter Anvin
+Date: Thu Jul 19 07:29:55 2012 -0700
+
+ Correct initialization of the cache doubly-linked list
+
+ The initialization of the cache doubly-linked list had
+ head->next->prev instead of head->prev->next; this entry is supposed
+ to initialize the ->next entry of the last entry in the list (which
+ points back to the head node.)
+
+ For clarity, consistently use "head" to refer to the head node; the
+ mixing of "head" and "dev->cache_head" needlessly obfuscated the code.
+
+ The wild pointer reference caused crashes on some systems.
+
+ Reported-by: Jan Safrata
+ Signed-off-by: H. Peter Anvin
+
+diff --git a/core/fs/cache.c b/core/fs/cache.c
+index 0d7891b..3b21fc2 100644
+--- a/core/fs/cache.c
++++ b/core/fs/cache.c
+@@ -37,10 +37,10 @@ void cache_init(struct device *dev, int block_size_shift)
+
+ dev->cache_head = head = (struct cache *)
+ (data + (dev->cache_entries << block_size_shift));
+- cache = dev->cache_head + 1; /* First cache descriptor */
++ cache = head + 1; /* First cache descriptor */
+
+ head->prev = &cache[dev->cache_entries-1];
+- head->next->prev = dev->cache_head;
++ head->prev->next = head;
+ head->block = -1;
+ head->data = NULL;
+ 
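Review bot: The hunk wires `head->prev` and `head->prev->next` but never assigns `head->next`, and cache_init's body continues past the hunk, so it is worth confirming that the code that follows (not visible here) sets `head->next` to the first descriptor — if nothing does, a forward walk from the head node would dereference an uninitialized pointer, the same class of wild access the upstream commit removes. The first line of the new patch file records the upstream commit id 0a0e0e41cad93cd16c323cf16f40264a21eedd6c, which is the provenance a reviewer wants for a backport; keep that line intact when the patch is rebased. The placement `head = (struct cache *)(data + (dev->cache_entries << block_size_shift))` is unchanged by the commit and presumably relies on `data` having been sized for the block area plus the descriptor array, but that allocation lies outside the hunk and cannot be checked from here.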
diff --git a/syslinux.changes b/syslinux.changes
index c2c34de..606ca11 100644
--- a/syslinux.changes
+++ b/syslinux.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Aug 11 15:51:11 CEST 2014 - snwint@suse.de
+
+- fix memory corruption due to wrong fs cache initialisation (bnc #884181)
+
 -------------------------------------------------------------------
 Fri Mar 21 13:10:04 CET 2014 - snwint@suse.de
diff --git a/syslinux.spec b/syslinux.spec
index 165b624..525a5fd 100644
--- a/syslinux.spec
+++ b/syslinux.spec
@@ -49,6 +49,7 @@ Patch11: %{name}-%{version}-localboot.diff
 Patch12: %{name}-%{version}-geometry.diff
 Patch13: %{name}-%{version}-nostrip.diff
 Patch14: %{name}-%{version}-timeout.diff
+Patch15: %{name}-%{version}-cache_fix.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -79,6 +80,7 @@ Authors:
 %patch12 -p1
 %patch13 -p0
 %patch14 -p1
+%patch15 -p1
 %build
 cp %{SOURCE2} .
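Review bot: `Patch15: %{name}-%{version}-cache_fix.diff` is added in the first spec hunk with nothing tying it to its origin, and because this one is a backport of a specific upstream commit rather than a local customisation, a one-line comment above it, `# backport of upstream 0a0e0e41cad93cd16c323cf16f40264a21eedd6c (bnc #884181); drop on rebase to a release that contains it`, would tell the next updater when it can be removed. The `%patch15 -p1` line in the second hunk matches the `a/core/fs/cache.c` paths inside the patch file, so the strip level is consistent with the neighbouring `-p1` patches.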