From 24e9a854b8a21326b81f23478ccb2c8020e78285 Mon Sep 17 00:00:00 2001 From: Vladimir 'phcoder' Serbinenko Date: Sun, 6 May 2012 16:20:55 +0200 Subject: [PATCH] * grub-core/fs/bfs.c (read_bfs_file): Fix overflow with over 2TiB filesystems. --- ChangeLog | 5 +++++ grub-core/fs/bfs.c | 10 +++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7dcc83ee8..38ffad77e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2012-05-06 Vladimir Serbinenko + + * grub-core/fs/bfs.c (read_bfs_file): Fix overflow with over 2TiB + filesystems. + 2012-05-06 Vladimir Serbinenko * grub-core/fs/affs.c (grub_affs_read_block): Fix theoretical overflow. diff --git a/grub-core/fs/bfs.c b/grub-core/fs/bfs.c index f050bc98e..1d3b562b6 100644 --- a/grub-core/fs/bfs.c +++ b/grub-core/fs/bfs.c @@ -225,7 +225,7 @@ read_bfs_file (grub_disk_t disk, for (i = 0; i < ARRAY_SIZE (ino->direct); i++) { grub_uint64_t newpos; - newpos = pos + (grub_bfs_to_cpu16 (ino->direct[i].len) + newpos = pos + (((grub_uint64_t) grub_bfs_to_cpu16 (ino->direct[i].len)) << grub_bfs_to_cpu32 (sb->log2_bsize)); if (newpos > off) { @@ -261,7 +261,7 @@ read_bfs_file (grub_disk_t disk, grub_err_t err; grub_uint64_t pos = (grub_bfs_to_cpu64 (ino->max_direct_range) << RANGE_SHIFT); - nentries = (grub_bfs_to_cpu16 (ino->indirect.len) + nentries = (((grub_size_t) grub_bfs_to_cpu16 (ino->indirect.len)) << (grub_bfs_to_cpu32 (sb->log2_bsize) - LOG_EXTENT_SIZE)); entries = grub_malloc (nentries << LOG_EXTENT_SIZE); if (!entries) @@ -271,7 +271,7 @@ read_bfs_file (grub_disk_t disk, for (i = 0; i < nentries; i++) { grub_uint64_t newpos; - newpos = pos + (grub_bfs_to_cpu16 (entries[i].len) + newpos = pos + (((grub_uint64_t) grub_bfs_to_cpu16 (entries[i].len)) << grub_bfs_to_cpu32 (sb->log2_bsize)); if (newpos > off) { @@ -310,7 +310,7 @@ read_bfs_file (grub_disk_t disk, grub_size_t nl1_entries, nl2_entries; grub_off_t last_l1n = ~0ULL; grub_err_t err; - nl1_entries = (grub_bfs_to_cpu16 (ino->double_indirect.len) + nl1_entries = (((grub_uint64_t) grub_bfs_to_cpu16 (ino->double_indirect.len)) << (grub_bfs_to_cpu32 (sb->log2_bsize) - LOG_EXTENT_SIZE)); l1_entries = grub_malloc (nl1_entries << LOG_EXTENT_SIZE); if (!l1_entries) @@ -359,7 +359,7 @@ read_bfs_file (grub_disk_t disk, } if (l1n != last_l1n) { - nl2_entries = (grub_bfs_to_cpu16 (l1_entries[l1n].len) + nl2_entries = (((grub_uint64_t) grub_bfs_to_cpu16 (l1_entries[l1n].len)) << (grub_bfs_to_cpu32 (sb->log2_bsize) - LOG_EXTENT_SIZE)); if (nl2_entries > (1U << (grub_bfs_to_cpu32 (sb->log2_bsize)