tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

video/readers/png: Sanity check some huffman codes

Browse Source 
ASAN picked up two OOB global reads: we weren't checking if some code
values fit within the cplens or cpdext arrays. Check and throw an error
if not.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Daniel Axtens 2021-07-06 19:19:11 +10:00 committed by Daniel Kiper
parent 210245129c
commit 690bee69fa
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
grub-core/video/readers/png.c
View File

@ -753,6 +753,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data)
int len, dist, pos;
n -= 257;
if (((unsigned int) n) >= ARRAY_SIZE (cplens))
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
"png: invalid huff code");
len = cplens[n];
if (cplext[n])
len += grub_png_get_bits (data, cplext[n]);
@ -760,6 +763,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data)
return grub_errno;
n = grub_png_get_huff_code (data, &data->dist_table);
if (((unsigned int) n) >= ARRAY_SIZE (cpdist))
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
"png: invalid huff code");
dist = cpdist[n];
if (cpdext[n])
dist += grub_png_get_bits (data, cpdext[n]);