Bug#482199: grub: Grub may fail to boot after using 'savedefault --once'

Xavier Aragon xarax at yahoo.com
Wed May 21 13:18:52 UTC 2008


Package: grub
Version: 0.97-27
Severity: normal


Debian's version of grub-0.97 has added the '--once' option to
the 'savedefault' command in grub shell, but it seems that using
it may actually cause the boot time 'savedefault' commands in
grub menu to fail later.

The problem is that the upstream grub has a convention that
the file /boot/grub/default must be at least ten bytes long,
but the 'savedefault' command added by Debian to the grub
shell doesn't follow that convention. The savedefault patch
actually removes the length check that savedefault_func() had
in the upstream version. The grub-set-default utility follows
the convention, but it doesn't recognize the '--once' option,
so it is necessary to use grub shell's 'savedefault' command.
 
After the file /boot/grub/default has been truncated to less than
10 bytes, bad things may happen at boot if a grub menu item uses
the 'savedefault' command. This is because the code in function
savedefault_helper() is fooled into thinking that the content of the
default file resides in two different sectors on the disk, which
usually is not the case. The sector number, byte offset and length
variables for the second sector have uninitialized values when
accessed, which may lead to various errors. The most common
is "Selected cylinder exceeds maximum supported by BIOS", when
the sector number is bigger than the number of sectors on disk.
In the worst case the 'savedefault' action in grub menu just 
writes a few bytes to some random location on the disk without
reporting any errors.

The key to the problem is the comparison 

	if (saved_lengths[0] < sizeof (buf))

in function savedefault_helper(), which is always true if
the default file has length less than 10 bytes.
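
Added example, not part of the original report and not GRUB's or Debian's code: a simplified C model of the failure mode described above, showing how the quoted comparison alone mistakes a short file for a two-sector file, beside a variant that checks the file length and the number of recorded spans first. The names `struct spans`, `record`, `flawed_wants_second`, `checked_plan` and the 512-byte sector size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MIN_LEN 10u      /* convention from the report: file is >= 10 bytes */
#define SECTOR  512u     /* assumed sector size */

/* Hypothetical record of the disk spans one file read touched (at most 2). */
struct spans { int count; unsigned long sector[2]; unsigned off[2], len[2]; };

enum plan { WRITE_ONE = 1, WRITE_TWO = 2, REJECT_SHORT = -1, REJECT_LAYOUT = -2 };

/* Model the read hook: log each sector span covering len bytes at disk_byte. */
static void record(struct spans *s, unsigned long disk_byte, size_t len) {
    s->count = 0;
    while (len > 0 && s->count < 2) {
        unsigned off = (unsigned)(disk_byte % SECTOR);
        unsigned n = SECTOR - off;
        if (n > len) n = (unsigned)len;
        s->sector[s->count] = disk_byte / SECTOR;
        s->off[s->count] = off;
        s->len[s->count] = n;
        s->count++;
        disk_byte += n; len -= n;
    }
}

/* The quoted comparison alone: a short first span is read as "two sectors". */
static int flawed_wants_second(unsigned long disk_byte, size_t file_len) {
    struct spans s = {0};
    record(&s, disk_byte, file_len < MIN_LEN ? file_len : MIN_LEN);
    return s.len[0] < MIN_LEN;   /* true even when s.count == 1 */
}

/* Checked variant: length first, then only spans that were really logged. */
static enum plan checked_plan(unsigned long disk_byte, size_t file_len) {
    struct spans s = {0};
    if (file_len < MIN_LEN) return REJECT_SHORT;
    record(&s, disk_byte, MIN_LEN);
    if (s.count == 1 && s.len[0] == MIN_LEN) return WRITE_ONE;
    if (s.count == 2 && s.len[0] + s.len[1] == MIN_LEN) return WRITE_TWO;
    return REJECT_LAYOUT;
}

int main(void) {
    printf("2-byte file: flawed=%d checked=%d\n", flawed_wants_second(4096, 2), checked_plan(4096, 2));
    return 0;
}
```

In the model, a 2-byte file inside one sector makes the flawed test ask for a second span that was never recorded, while the checked variant refuses to write at all.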




