From 59ec05bcf8bb443853c109039752cefdfc1c5e13 Mon Sep 17 00:00:00 2001
From: Vladimir Serbinenko <phcoder@gmail.com>
Date: Wed, 17 Feb 2016 18:09:44 +0100
Subject: [PATCH] mm: Avoid integer overflow.

---
 grub-core/kern/mm.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
index 1c3d02388..ee88ff611 100644
--- a/grub-core/kern/mm.c
+++ b/grub-core/kern/mm.c
@@ -325,6 +325,15 @@ grub_memalign (grub_size_t align, grub_size_t size)
   if (!grub_mm_base)
     goto fail;
 
+  if (size > ~(grub_size_t) align)
+    goto fail;
+
+  /* We currently assume at least a 32-bit grub_size_t,
+     so limiting allocations to <adress space size> - 1MiB
+     in name of sanity is beneficial. */
+  if ((size + align) > ~(grub_size_t) 0x100000)
+    goto fail;
+
   align = (align >> GRUB_MM_ALIGN_LOG2);
   if (align == 0)
     align = 1;