32 lines
1.0 KiB
Diff
32 lines
1.0 KiB
Diff
|
From 4a8d9c69050bd01a0be66695fea3b35b72f5a425 Mon Sep 17 00:00:00 2001
|
||
|
|
From: kamillo <kamilgolunski@gmail.com>
|
||
|
|
Date: Fri, 17 Feb 2023 22:02:22 +0100
|
||
|
|
Subject: [PATCH] Fix segfault when passed --index is greater than current
|
||
|
|
boot order size
|
||
|
|
|
||
|
|
Size of the order entry size (uint16_t) hasn't been taken into account for all calculations and caused memory corruption.
|
||
|
|
|
||
|
|
Signed-off-by: kamillo <kamilgolunski@gmail.com>
|
||
|
|
---
|
||
|
|
src/efibootmgr.c | 4 ++--
|
||
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/efibootmgr.c b/src/efibootmgr.c
|
||
|
|
index 255f61f..ded21a1 100644
|
||
|
|
--- a/src/efibootmgr.c
|
||
|
|
+++ b/src/efibootmgr.c
|
||
|
|
@@ -420,8 +420,8 @@ add_to_order(const char *name, uint16_t num, uint16_t insert_at)
|
||
|
|
return -1;
|
||
|
|
|
||
|
|
if (insert_at != 0) {
|
||
|
|
- if (insert_at > order->data_size)
|
||
|
|
- insert_at = order->data_size;
|
||
|
|
+ if (insert_at * sizeof(uint16_t) > order->data_size)
|
||
|
|
+ insert_at = order->data_size / sizeof(uint16_t);
|
||
|
|
memcpy(new_data, old_data, insert_at * sizeof(uint16_t));
|
||
|
|
}
|
||
|
|
new_data[insert_at] = num;
|
||
|
|
--
|
||
|
|
2.27.0
|
||
|
|
|