tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lib/relocator: Fix OOB write when initializing lo->freebytes[]

Browse Source 
Fixes: CID 96636

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
This commit is contained in:
Daniel Kiper 2023-06-23 00:02:24 +02:00
parent 5658f35af9
commit 9dbfbcd660
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
grub-core/lib/relocator.c
View File

@ -881,9 +881,11 @@ malloc_in_range (struct grub_relocator *rel,
offend = GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
lo->freebytes[offstart / 8]
&= ((1 << (8 - (start % 8))) - 1);
grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
offend / 8 - (offstart + 7) / 8);
lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
if (offend / 8 > (offstart + 7) / 8)
grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
offend / 8 - (offstart + 7) / 8);
if (offend < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT)
lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
}
break;
#endif