39 lines
1.4 KiB
Diff
39 lines
1.4 KiB
Diff
From 9dbfbcd660470c3b951d15af0f6ce5a423185ad2 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Date: Fri, 23 Jun 2023 00:02:24 +0200
|
|
Subject: lib/relocator: Fix OOB write when initializing lo->freebytes[]
|
|
|
|
Fixes: CID 96636
|
|
|
|
Reference:https://git.savannah.gnu.org/cgit/grub.git/commit?id=9dbfbcd660470c3b951d15af0f6ce5a423185ad2
|
|
Conflict:NA
|
|
|
|
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
|
|
---
|
|
grub-core/lib/relocator.c | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
|
|
index 568fc0b..e0478ae 100644
|
|
--- a/grub-core/lib/relocator.c
|
|
+++ b/grub-core/lib/relocator.c
|
|
@@ -881,9 +881,11 @@ malloc_in_range (struct grub_relocator *rel,
|
|
offend = GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
|
|
lo->freebytes[offstart / 8]
|
|
&= ((1 << (8 - (start % 8))) - 1);
|
|
- grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
|
|
- offend / 8 - (offstart + 7) / 8);
|
|
- lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
|
|
+ if (offend / 8 > (offstart + 7) / 8)
|
|
+ grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
|
|
+ offend / 8 - (offstart + 7) / 8);
|
|
+ if (offend < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT)
|
|
+ lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
|
|
}
|
|
break;
|
|
#endif
|
|
--
|
|
cgit v1.1
|
|
|