From eba6db6323caf2c25e3531902b73c4a1a40a2d1a Mon Sep 17 00:00:00 2001
From: Daniel Kiper
Date: Fri, 12 Feb 2016 15:58:22 +0100
Subject: [PATCH] relocator: Fix integer underflow.
---
 grub-core/lib/relocator.c | 50 +++++++++++++++++++++++----------------
 1 file changed, 30 insertions(+), 20 deletions(-)
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
index f759c7f41..ea3ebc719 100644
--- a/grub-core/lib/relocator.c
+++ b/grub-core/lib/relocator.c
@@ -736,26 +736,36 @@ malloc_in_range (struct grub_relocator *rel,
 }
 isinsideafter = (!ncollisions && (nstarted || ((nlefto || nstartedfw) && !nblockfw)));
- if (!isinsidebefore && isinsideafter)
- starta = from_low_priv ? ALIGN_UP (events[j].pos, align)
- : ALIGN_DOWN (events[j].pos - size, align) + size;
- if (isinsidebefore && !isinsideafter && from_low_priv)
- {
- target = starta;
- if (target < start)
- target = start;
- if (target + size <= end && target + size <= events[j].pos)
- /* Found an usable address. */
- goto found;
- }
- if (isinsidebefore && !isinsideafter && !from_low_priv)
- {
- target = starta - size;
- if (target > end - size)
- target = end - size;
- if (target >= start && target >= events[j].pos)
- goto found;
- }
+ if (from_low_priv) {
+ if (!isinsidebefore && isinsideafter)
+ starta = ALIGN_UP (events[j].pos, align);
+
+ if (isinsidebefore && !isinsideafter)
+ {
+ target = starta;
+ if (target < start)
+ target = start;
+ if (target + size <= end && target + size <= events[j].pos)
+ /* Found an usable address. */
+ goto found;
+ }
+ } else {
+ if (!isinsidebefore && isinsideafter)
+ {
+ if (events[j].pos >= size)
+ starta = ALIGN_DOWN (events[j].pos - size, align) + size;
+ else
+ starta = 0;
+ }
+ if (isinsidebefore && !isinsideafter && starta >= size)
+ {
+ target = starta - size;
+ if (target > end - size)
+ target = end - size;
+ if (target >= start && target >= events[j].pos)
+ goto found;
+ }
+ }
 }
 }
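Review bot: The `else` (high-priority) branch still evaluates `end - size` unguarded in `if (target > end - size)`, which is the same wrap this patch removes from `events[j].pos - size` and `starta - size`. Assuming the address types are unsigned, an `end` smaller than `size` would skip the clamp and let a `target` whose range runs past `end` reach `goto found`. The start of malloc_in_range is outside the hunk, so either confirm that an earlier check guarantees `end >= size` and record that in a comment, or extend the guard to `if (isinsidebefore && !isinsideafter && starta >= size && end >= size)`. The `from_low_priv` branch has the mirror case: `target + size <= end` can wrap for a `target` near the top of the address space, and checking `target <= end` before comparing `size <= end - target` avoids it. A one-line comment on `starta = 0;` saying it is a "no room below this event" sentinel that `starta >= size` rejects would make the intent clear.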