[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 050/117] video/fb/video_fb: Fix possible integer overflo
|
From: |
Daniel Kiper |
|
Subject: |
[SECURITY PATCH 050/117] video/fb/video_fb: Fix possible integer overflow |
|
Date: |
Tue, 2 Mar 2021 19:00:57 +0100 |
From: Darren Kenny <darren.kenny@oracle.com>
It is minimal possibility that the values being used here will overflow.
So, change the code to use the safemath function grub_mul() to ensure
that doesn't happen.
Fixes: CID 73761
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/video/fb/video_fb.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c
index 1c9a138dc..ae6b89f9a 100644
--- a/grub-core/video/fb/video_fb.c
+++ b/grub-core/video/fb/video_fb.c
@@ -1537,7 +1537,13 @@ doublebuf_pageflipping_init (struct grub_video_mode_info
*mode_info,
volatile void *page1_ptr)
{
grub_err_t err;
- grub_size_t page_size = mode_info->pitch * mode_info->height;
+ grub_size_t page_size = 0;
+
+ if (grub_mul (mode_info->pitch, mode_info->height, &page_size))
+ {
+ /* Shouldn't happen, but if it does we've a bug. */
+ return GRUB_ERR_BUG;
+ }
framebuffer.offscreen_buffer = grub_malloc (page_size);
if (! framebuffer.offscreen_buffer)
--
2.11.0
- [SECURITY PATCH 040/117] affs: Fix memory leaks, (continued)
- [SECURITY PATCH 040/117] affs: Fix memory leaks, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 038/117] zfs: Fix possible integer overflows, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 037/117] zfs: Fix resource leaks while constructing path, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 041/117] libgcrypt/mpi: Fix possible unintended sign extension, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 044/117] normal/completion: Fix leaking of memory when processing a completion, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 043/117] syslinux: Fix memory leak while parsing, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 045/117] commands/hashsum: Fix a memory leak, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 042/117] libgcrypt/mpi: Fix possible NULL dereference, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 046/117] commands/probe: Fix a resource leak when probing disks, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 047/117] video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 050/117] video/fb/video_fb: Fix possible integer overflow,
Daniel Kiper <=
- [SECURITY PATCH 048/117] video/fb/fbfill: Fix potential integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 051/117] video/readers/jpeg: Test for an invalid next marker reference from a jpeg file, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 049/117] video/fb/video_fb: Fix multiple integer overflows, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 053/117] loader/bsd: Check for NULL arg up-front, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 052/117] gfxmenu/gui_list: Remove code that coverity is flagging as dead, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 054/117] loader/xnu: Fix memory leak, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 055/117] loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 056/117] loader/xnu: Check if pointer is NULL before using it, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 057/117] util/grub-install: Fix NULL pointer dereferences, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 058/117] util/grub-editenv: Fix incorrect casting of a signed value, Daniel Kiper, 2021/03/02