37 lines
1.2 KiB
Diff
37 lines
1.2 KiB
Diff
From 108a3865f43330b581d35b9cf6ecb1e0a1da5d49 Mon Sep 17 00:00:00 2001
|
|
From: Ryan Cohen <rcohenprogramming@gmail.com>
|
|
Date: Sat, 26 Nov 2022 17:22:51 -0500
|
|
Subject: [PATCH] term/i386/pc/vga_text: Prevent out-of-bounds writes to VGA
|
|
text buffer
|
|
|
|
Coordinates passed to screen_write_char() did not have any checks to
|
|
ensure they are not out-of-bounds. This adds an if statement to prevent
|
|
out-of-bounds writes to the VGA text buffer.
|
|
|
|
Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=108a3865f43330b581d35b9cf6ecb1e0a1da5d49
|
|
Conflict:NA
|
|
|
|
Signed-off-by: Ryan Cohen <rcohenprogramming@gmail.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
grub-core/term/i386/pc/vga_text.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/grub-core/term/i386/pc/vga_text.c b/grub-core/term/i386/pc/vga_text.c
|
|
index 669d06fad..b88fa9d2e 100644
|
|
--- a/grub-core/term/i386/pc/vga_text.c
|
|
+++ b/grub-core/term/i386/pc/vga_text.c
|
|
@@ -63,7 +63,8 @@ static grub_uint8_t cur_color = 0x7;
|
|
static void
|
|
screen_write_char (int x, int y, short c)
|
|
{
|
|
- VGA_TEXT_SCREEN[y * COLS + x] = grub_cpu_to_le16 (c);
|
|
+ if (x < COLS && y < ROWS && x >= 0 && y >= 0)
|
|
+ VGA_TEXT_SCREEN[y * COLS + x] = grub_cpu_to_le16 (c);
|
|
}
|
|
|
|
static short
|
|
--
|
|
2.28.0.windows.1
|
|
|