font: Fix size overflow in grub_font_get_glyph_internal()
The length of memory allocation and file read may overflow. This patch fixes the problem by using safemath macros. There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). It is safe replacement for such code. It has safemath-like prototype. This patch also introduces grub_cast(value, pointer), it casts value to typeof(*pointer) then store the value to *pointer. It returns true when overflow occurs or false if there is no overflow. The semantics of arguments and return value are designed to be consistent with other safemath macros. Signed-off-by:Zhang Boyang <zhangboyang.id@gmail.com> Reviewed-by:
Showing
- debian/patches/cve_2022_2601/0003-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch 110 additions, 0 deletions...ont-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- grub-core/font/font.c 13 additions, 4 deletionsgrub-core/font/font.c
- include/grub/bitmap.h 18 additions, 0 deletionsinclude/grub/bitmap.h
- include/grub/safemath.h 2 additions, 0 deletionsinclude/grub/safemath.h
Loading
Please register or sign in to comment