Re: [PATCH] lib/relocator: Fix OOB write when initializing lo->freebytes

From:

Vladimir 'phcoder' Serbinenko

Subject:

Re: [PATCH] lib/relocator: Fix OOB write when initializing lo->freebytes[]

Date:

Fri, 23 Jun 2023 00:14:31 +0200

Reviewedby: Vladimir Serbinenko <phcoder@gmail.com>

Le ven. 23 juin 2023, 00:09, Daniel Kiper <daniel.kiper@oracle.com> a écrit :

Fixes: CID 96636

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/lib/relocator.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
index 568fc0b8f..e0478ae5b 100644
--- a/grub-core/lib/relocator.c
+++ b/grub-core/lib/relocator.c
@@ -881,9 +881,11 @@ malloc_in_range (struct grub_relocator *rel,
offend = GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
lo->freebytes[offstart / 8]
&= ((1 << (8 - (start % 8))) - 1);
- grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
- offend / 8 - (offstart + 7) / 8);
- lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
+ if (offend / 8 > (offstart + 7) / 8)
+ grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
+ offend / 8 - (offstart + 7) / 8);
+ if (offend < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT)
+ lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
}
break;
#endif
--
2.11.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] lib/relocator: Fix OOB write when initializing lo->freebytes[], Daniel Kiper, 2023/06/22

Re: [PATCH] lib/relocator: Fix OOB write when initializing lo->freebytes[], Vladimir 'phcoder' Serbinenko <=