vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

loader: Unintended sign extension

Browse source 
CID: 96707, 96699, 96693, 96691, 96711, 96709, 96708, 96703, 96702,
96700, 96698, 96696, 96695, 96692, 96710, 96705
This commit is contained in:
Andrei Borzenkov 2016-01-13 20:15:07 +03:00
parent b95e926788
commit 4f8fe948b9
3 changed files with 15 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
grub-core/kern/dl.c
View file

@ -605,7 +605,7 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size)
} }
/* Make sure that every section is within the core. */ /* Make sure that every section is within the core. */
if (size < e->e_shoff + e->e_shentsize * e->e_shnum) if (size < e->e_shoff + (grub_uint32_t) e->e_shentsize * e->e_shnum)
{ {
grub_error (GRUB_ERR_BAD_OS, "ELF sections outside core"); grub_error (GRUB_ERR_BAD_OS, "ELF sections outside core");
return 0; return 0;

24
grub-core/loader/i386/bsdXX.c
View file

@ -48,15 +48,15 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr)
if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS)) if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS))
return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic")); return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic"));
*shdr = grub_malloc (e->e_shnum * e->e_shentsize); *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize);
if (! *shdr) if (! *shdr)
return grub_errno; return grub_errno;
if (grub_file_seek (file, e->e_shoff) == (grub_off_t) -1) if (grub_file_seek (file, e->e_shoff) == (grub_off_t) -1)
return grub_errno; return grub_errno;
if (grub_file_read (file, *shdr, e->e_shnum * e->e_shentsize) if (grub_file_read (file, *shdr, (grub_uint32_t) e->e_shnum * e->e_shentsize)
!= e->e_shnum * e->e_shentsize) != (grub_uint32_t) e->e_shnum * e->e_shentsize)
{ {
if (grub_errno) if (grub_errno)
return grub_errno; return grub_errno;
@ -200,8 +200,8 @@ SUFFIX (grub_freebsd_load_elfmodule) (struct grub_relocator *relocator,
if (chunk_size < sizeof (e)) if (chunk_size < sizeof (e))
chunk_size = sizeof (e); chunk_size = sizeof (e);
chunk_size += e.e_phnum * e.e_phentsize; chunk_size += (grub_uint32_t) e.e_phnum * e.e_phentsize;
chunk_size += e.e_shnum * e.e_shentsize; chunk_size += (grub_uint32_t) e.e_shnum * e.e_shentsize;
{ {
grub_relocator_chunk_t ch; grub_relocator_chunk_t ch;
@ -253,14 +253,14 @@ SUFFIX (grub_freebsd_load_elfmodule) (struct grub_relocator *relocator,
curload = module + sizeof (e); curload = module + sizeof (e);
load (file, argv[0], (grub_uint8_t *) chunk_src + curload - *kern_end, e.e_shoff, load (file, argv[0], (grub_uint8_t *) chunk_src + curload - *kern_end, e.e_shoff,
e.e_shnum * e.e_shentsize); (grub_uint32_t) e.e_shnum * e.e_shentsize);
e.e_shoff = curload - module; e.e_shoff = curload - module;
curload += e.e_shnum * e.e_shentsize; curload += (grub_uint32_t) e.e_shnum * e.e_shentsize;
load (file, argv[0], (grub_uint8_t *) chunk_src + curload - *kern_end, e.e_phoff, load (file, argv[0], (grub_uint8_t *) chunk_src + curload - *kern_end, e.e_phoff,
e.e_phnum * e.e_phentsize); (grub_uint32_t) e.e_phnum * e.e_phentsize);
e.e_phoff = curload - module; e.e_phoff = curload - module;
curload += e.e_phnum * e.e_phentsize; curload += (grub_uint32_t) e.e_phnum * e.e_phentsize;
*kern_end = curload; *kern_end = curload;
@ -462,7 +462,7 @@ SUFFIX (grub_netbsd_load_elf_meta) (struct grub_relocator *relocator,
chunk_size = ALIGN_UP (symsize, sizeof (grub_freebsd_addr_t)) chunk_size = ALIGN_UP (symsize, sizeof (grub_freebsd_addr_t))
+ ALIGN_UP (strsize, sizeof (grub_freebsd_addr_t)) + ALIGN_UP (strsize, sizeof (grub_freebsd_addr_t))
+ sizeof (e) + e.e_shnum * e.e_shentsize; + sizeof (e) + (grub_uint32_t) e.e_shnum * e.e_shentsize;
symtarget = ALIGN_UP (*kern_end, sizeof (grub_freebsd_addr_t)); symtarget = ALIGN_UP (*kern_end, sizeof (grub_freebsd_addr_t));
{ {
@ -498,10 +498,10 @@ SUFFIX (grub_netbsd_load_elf_meta) (struct grub_relocator *relocator,
s2 = (Elf_Shdr *) curload; s2 = (Elf_Shdr *) curload;
grub_memcpy (curload, s, e.e_shentsize); grub_memcpy (curload, s, e.e_shentsize);
if (s == symsh) if (s == symsh)
s2->sh_offset = sizeof (e) + e.e_shnum * e.e_shentsize; s2->sh_offset = sizeof (e) + (grub_uint32_t) e.e_shnum * e.e_shentsize;
else if (s == strsh) else if (s == strsh)
s2->sh_offset = ALIGN_UP (symsize, sizeof (grub_freebsd_addr_t)) s2->sh_offset = ALIGN_UP (symsize, sizeof (grub_freebsd_addr_t))
+ sizeof (e) + e.e_shnum * e.e_shentsize; + sizeof (e) + (grub_uint32_t) e.e_shnum * e.e_shentsize;
else else
s2->sh_offset = 0; s2->sh_offset = 0;
s2->sh_addr = s2->sh_offset; s2->sh_addr = s2->sh_offset;

4
grub-core/loader/multiboot_elfxx.c
View file

@ -164,7 +164,7 @@ CONCAT(grub_multiboot_load_elf, XX) (grub_file_t file, const char *filename, voi
{ {
grub_uint8_t *shdr, *shdrptr; grub_uint8_t *shdr, *shdrptr;
shdr = grub_malloc (ehdr->e_shnum * ehdr->e_shentsize); shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize);
if (!shdr) if (!shdr)
return grub_errno; return grub_errno;
@ -174,7 +174,7 @@ CONCAT(grub_multiboot_load_elf, XX) (grub_file_t file, const char *filename, voi
return grub_errno; return grub_errno;
} }
if (grub_file_read (file, shdr, ehdr->e_shnum * ehdr->e_shentsize) if (grub_file_read (file, shdr, (grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize)
!= (grub_ssize_t) ehdr->e_shnum * ehdr->e_shentsize) != (grub_ssize_t) ehdr->e_shnum * ehdr->e_shentsize)
{ {
if (!grub_errno) if (!grub_errno)