grub2/backport-lib-relocator-Fix-OOB-write-when-initializing-lo-freebytes.patch

From 9dbfbcd660470c3b951d15af0f6ce5a423185ad2 Mon Sep 17 00:00:00 2001
From: Daniel Kiper <daniel.kiper@oracle.com>
Date: Fri, 23 Jun 2023 00:02:24 +0200
Subject: lib/relocator: Fix OOB write when initializing lo->freebytes[]

Fixes: CID 96636

Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=9dbfbcd660470c3b951d15af0f6ce5a423185ad2
Conflict:NA

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
---
 grub-core/lib/relocator.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
index 568fc0b..e0478ae 100644
--- a/grub-core/lib/relocator.c
+++ b/grub-core/lib/relocator.c
@@ -881,9 +881,11 @@ malloc_in_range (struct grub_relocator *rel,
 			offend = GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
 		      lo->freebytes[offstart / 8]
 			&= ((1 << (8 - (start % 8))) - 1);
-		      grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
-				   offend / 8 - (offstart + 7) / 8);
-		      lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
+		      if (offend / 8 > (offstart + 7) / 8)
+			grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
+				     offend / 8 - (offstart + 7) / 8);
+		      if (offend < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT)
+			lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
 		    }
 		    break;
 #endif
-- 
cgit v1.1
backport some patches from upstream Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com> 2023-09-13 22:49:55 +08:00			`From 9dbfbcd660470c3b951d15af0f6ce5a423185ad2 Mon Sep 17 00:00:00 2001`
			`From: Daniel Kiper <daniel.kiper@oracle.com>`
			`Date: Fri, 23 Jun 2023 00:02:24 +0200`
			`Subject: lib/relocator: Fix OOB write when initializing lo->freebytes[]`

			`Fixes: CID 96636`

			`Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=9dbfbcd660470c3b951d15af0f6ce5a423185ad2`
			`Conflict:NA`

			`Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>`
			`Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>`
			`---`
			`grub-core/lib/relocator.c \| 8 +++++---`
			`1 file changed, 5 insertions(+), 3 deletions(-)`

			`diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c`
			`index 568fc0b..e0478ae 100644`
			`--- a/grub-core/lib/relocator.c`
			`+++ b/grub-core/lib/relocator.c`
			`@@ -881,9 +881,11 @@ malloc_in_range (struct grub_relocator *rel,`
			`offend = GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;`
			`lo->freebytes[offstart / 8]`
			`&= ((1 << (8 - (start % 8))) - 1);`
			`- grub_memset (lo->freebytes + (offstart + 7) / 8, 0,`
			`- offend / 8 - (offstart + 7) / 8);`
			`- lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);`
			`+ if (offend / 8 > (offstart + 7) / 8)`
			`+ grub_memset (lo->freebytes + (offstart + 7) / 8, 0,`
			`+ offend / 8 - (offstart + 7) / 8);`
			`+ if (offend < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT)`
			`+ lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);`
			`}`
			`break;`
			`#endif`
			`--`
			`cgit v1.1`