git.proxmox.com Git - grub2.git/commit

author	Zhang Boyang <zhangboyang.id@gmail.com>
	Thu, 4 Aug 2022 16:51:20 +0000 (00:51 +0800)
committer	Steve McIntyre <93sam@debian.org>
	Sat, 12 Nov 2022 22:51:49 +0000 (22:51 +0000)
commit	2f01e9c03b3ec82291f6cd89a0685c6b740e78b8
tree	048db7bb5c96cd76e065ff7899ba370aed5e7a0d	tree
parent	280a9f216319f955f7f7f751f4d0dc048bfdac2f	commit \| diff

font: Fix size overflow in grub_font_get_glyph_internal()

The length of memory allocation and file read may overflow. This patch
fixes the problem by using safemath macros.

There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe
if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz().
It is safe replacement for such code. It has safemath-like prototype.

This patch also introduces grub_cast(value, pointer), it casts value to
typeof(*pointer) then store the value to *pointer. It returns true when
overflow occurs or false if there is no overflow. The semantics of arguments
and return value are designed to be consistent with other safemath macros.

Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

debian/patches/cve_2022_2601/0003-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch	[new file with mode: 0644]	blob
grub-core/font/font.c		diff \| blob \| blame \| history
include/grub/bitmap.h		diff \| blob \| blame \| history
include/grub/safemath.h		diff \| blob \| blame \| history