git.proxmox.com Git - grub2.git/commit

author	Zhang Boyang <zhangboyang.id@gmail.com>
	Sun, 14 Aug 2022 18:04:58 +0000 (02:04 +0800)
committer	Steve McIntyre <93sam@debian.org>
	Sat, 12 Nov 2022 22:51:49 +0000 (22:51 +0000)
commit	b24a98f9359be906086eb588f278b98a9412a141
tree	de372d2ddada818c2421fc4d24b30336934ffd87	tree
parent	96409d679abf693d09d5683203b7fa20c70c6ac8	commit \| diff

font: Fix integer overflow in BMP index

The BMP index (font->bmp_idx) is designed as a reverse lookup table of
char entries (font->char_index), in order to speed up lookups for BMP
chars (i.e. code < 0x10000). The values in BMP index are the subscripts
of the corresponding char entries, stored in grub_uint16_t, while 0xffff
means not found.

This patch fixes the problem of large subscript truncated to grub_uint16_t,
leading BMP index to return wrong char entry or report false miss. The
code now checks for bounds and uses BMP index as a hint, and fallbacks
to binary-search if necessary.

On the occasion add a comment about BMP index is initialized to 0xffff.

Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

debian/patches/cve_2022_2601/0007-font-Fix-integer-overflow-in-BMP-index.patch	[new file with mode: 0644]	blob
grub-core/font/font.c		diff \| blob \| blame \| history