[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] lib/relocator: Fix OOB write when initializing lo->freebytes[]
|
From: |
Daniel Kiper |
|
Subject: |
[PATCH] lib/relocator: Fix OOB write when initializing lo->freebytes[] |
|
Date: |
Fri, 23 Jun 2023 00:08:54 +0200 |
Fixes: CID 96636
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/lib/relocator.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
index 568fc0b8f..e0478ae5b 100644
--- a/grub-core/lib/relocator.c
+++ b/grub-core/lib/relocator.c
@@ -881,9 +881,11 @@ malloc_in_range (struct grub_relocator *rel,
offend = GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
lo->freebytes[offstart / 8]
&= ((1 << (8 - (start % 8))) - 1);
- grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
- offend / 8 - (offstart + 7) / 8);
- lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
+ if (offend / 8 > (offstart + 7) / 8)
+ grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
+ offend / 8 - (offstart + 7) / 8);
+ if (offend < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT)
+ lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
}
break;
#endif
--
2.11.0
- [PATCH] lib/relocator: Fix OOB write when initializing lo->freebytes[],
Daniel Kiper <=