tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lib/relocator: Fix dereference after NULL check

Browse Source 
In the function free_subchunk(), after checking that subchu->post isn't NULL,
grub_memset() is called on subchu->pre->freebytes but it should be called on
subchu->post->freebytes. If subchu->pre is NULL but subchu->post isn't NULL,
then this could lead to a NULL pointer dereference.

Fixes: CID 473882

Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Vladimir Serbinenko 2025-11-19 06:37:32 +00:00 committed by Daniel Kiper
parent 1a5417f39a
commit ae69b464be
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
grub-core/lib/relocator.c
View File

@ -398,9 +398,9 @@ free_subchunk (const struct grub_relocator_subchunk *subchu)
if (subchu->post) if (subchu->post)
{ {
int off = subchu->start + subchu->size - fend; int off = subchu->start + subchu->size - fend;
grub_memset (subchu->pre->freebytes, grub_memset (subchu->post->freebytes,
0xff, sizeof (subchu->pre->freebytes) - off / 8); 0xff, sizeof (subchu->post->freebytes) - off / 8 - 1);
subchu->pre->freebytes[off / 8] |= ((1 << (8 - (off % 8))) - 1); subchu->post->freebytes[sizeof (subchu->post->freebytes) - off / 8 - 1] |= ((1 << (8 - (off % 8))) - 1);
check_leftover (subchu->post); check_leftover (subchu->post);
} }
#endif #endif