[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 01/13] font: Reject glyphs exceeds font->max_glyph_width
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 01/13] font: Reject glyphs exceeds font->max_glyph_width or font->max_glyph_height |
Date: |
Tue, 15 Nov 2022 19:00:58 +0100 |
From: Zhang Boyang <zhangboyang.id@gmail.com>
Check glyph's width and height against limits specified in font's
metadata. Reject the glyph (and font) if such limits are exceeded.
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/font/font.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index 42189c325..756ca0abf 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -760,7 +760,9 @@ grub_font_get_glyph_internal (grub_font_t font,
grub_uint32_t code)
|| read_be_uint16 (font->file, &height) != 0
|| read_be_int16 (font->file, &xoff) != 0
|| read_be_int16 (font->file, &yoff) != 0
- || read_be_int16 (font->file, &dwidth) != 0)
+ || read_be_int16 (font->file, &dwidth) != 0
+ || width > font->max_char_width
+ || height > font->max_char_height)
{
remove_font (font);
return 0;
--
2.11.0
- [SECURITY PATCH 00/13] Multiple GRUB2 vulnerabilities - 2022/11/15, Daniel Kiper, 2022/11/15
- [SECURITY PATCH 01/13] font: Reject glyphs exceeds font->max_glyph_width or font->max_glyph_height,
Daniel Kiper <=
- [SECURITY PATCH 02/13] font: Fix size overflow in grub_font_get_glyph_internal(), Daniel Kiper, 2022/11/15
- [SECURITY PATCH 03/13] font: Fix several integer overflows in grub_font_construct_glyph(), Daniel Kiper, 2022/11/15
- [SECURITY PATCH 04/13] font: Remove grub_font_dup_glyph(), Daniel Kiper, 2022/11/15
- [SECURITY PATCH 10/13] font: Fix an integer underflow in blit_comb(), Daniel Kiper, 2022/11/15
- [SECURITY PATCH 05/13] font: Fix integer overflow in ensure_comb_space(), Daniel Kiper, 2022/11/15
- [SECURITY PATCH 07/13] font: Fix integer underflow in binary search of char index, Daniel Kiper, 2022/11/15
- [SECURITY PATCH 08/13] kern/efi/sb: Enforce verification of font files, Daniel Kiper, 2022/11/15
- [SECURITY PATCH 09/13] fbutil: Fix integer overflow, Daniel Kiper, 2022/11/15
- [SECURITY PATCH 11/13] font: Harden grub_font_blit_glyph() and grub_font_blit_glyph_mirror(), Daniel Kiper, 2022/11/15
- [SECURITY PATCH 12/13] font: Assign null_font to glyphs in ascii_font_glyph[], Daniel Kiper, 2022/11/15