video/readers: Add artificial limit to image dimensions
In grub-core/video/readers/jpeg.c, the height and width of a JPEG image don't have an upper limit for how big the JPEG image can be. In Coverity, this is getting flagged as an untrusted loop bound. This issue can also be seen in PNG and TGA format images as well but Coverity isn't flagging it. To prevent this, the constant IMAGE_HW_MAX_PX is being added to include/grub/bitmap.h, which has a value of 16384, to act as an artificial limit and restrict the height and width of images. This value was picked as it is double the current max resolution size, which is 8K.

Fixes: CID 292450

Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Showing
- debian/patches/cve_2022_2601/0001-video-readers-Add-artificial-limit-to-image-dimensio.patch: 109 additions, 0 deletions
- docs/grub.texi: 2 additions, 1 deletion
- grub-core/video/readers/jpeg.c: 5 additions, 1 deletion
- grub-core/video/readers/png.c: 5 additions, 1 deletion
- grub-core/video/readers/tga.c: 7 additions, 0 deletions
- include/grub/bitmap.h: 2 additions, 0 deletions
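
The limit the commit message describes, applied to the dimensions in a PNG IHDR header, as an added example that is not GRUB's code or part of this commit. Only IMAGE_HW_MAX_PX and its value 16384 come from the message; the helper names, the inclusive comparison and the sample header bytes are assumptions constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value stated in the commit message for include/grub/bitmap.h. */
#define IMAGE_HW_MAX_PX 16384

/* Hypothetical helper: read a big-endian 32-bit field (PNG byte order). */
static uint32_t be32(const unsigned char *p)
{
  return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16)
         | ((uint32_t) p[2] << 8) | (uint32_t) p[3];
}

/* Hypothetical helper: 0 if the IHDR dimensions are within the cap, -1 if not. */
int png_ihdr_dims(const unsigned char *buf, size_t len, uint32_t *w, uint32_t *h)
{
  static const unsigned char sig[8] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n' };
  /* Signature (8) + chunk length (4) + "IHDR" (4) + width (4) + height (4). */
  if (len < 24 || memcmp(buf, sig, 8) != 0 || memcmp(buf + 12, "IHDR", 4) != 0)
    return -1;
  *w = be32(buf + 16);
  *h = be32(buf + 20);
  /* Reject before any loop or allocation uses the header values. */
  if (*w > IMAGE_HW_MAX_PX || *h > IMAGE_HW_MAX_PX)
    return -1;
  return 0;
}

/* Build a constructed 24-byte PNG prefix with the given dimensions and check it. */
int check_constructed(uint32_t w, uint32_t h)
{
  unsigned char b[24] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
                          0, 0, 0, 13, 'I', 'H', 'D', 'R' };
  uint32_t ow, oh;
  for (int i = 0; i < 4; i++)
    {
      b[16 + i] = (unsigned char) (w >> (24 - 8 * i));
      b[20 + i] = (unsigned char) (h >> (24 - 8 * i));
    }
  return png_ihdr_dims(b, sizeof (b), &ow, &oh);
}

int main(void)
{
  printf("%d %d\n", check_constructed(1920, 1080), check_constructed(0xFFFFFFFFu, 1));
  return 0;
}
```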