calloc: Use calloc() at most places
This modifies most of the places we do some form of: X = malloc(Y * Z); to use calloc(Y, Z) instead. Among other issues, this fixes: - allocation of integer overflow in grub_png_decode_image_header() reported by Chris Coulson, - allocation of integer overflow in luks_recover_key() reported by Chris Coulson, - allocation of integer overflow in grub_lvm_detect() reported by Chris Coulson. Fixes: CVE-2020-14308 Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
parent
64e26162eb
commit
f725fa7cb2
87 changed files with 179 additions and 178 deletions
|
@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node)
|
|||
return 0;
|
||||
}
|
||||
latin1[symlink_size] = 0;
|
||||
utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1);
|
||||
utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size);
|
||||
if (!utf8)
|
||||
{
|
||||
grub_free (latin1);
|
||||
|
@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
|
|||
return 1;
|
||||
}
|
||||
|
||||
hashtable = grub_zalloc (data->htsize * sizeof (*hashtable));
|
||||
hashtable = grub_calloc (data->htsize, sizeof (*hashtable));
|
||||
if (!hashtable)
|
||||
return 1;
|
||||
|
||||
|
@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label)
|
|||
len = file.namelen;
|
||||
if (len > sizeof (file.name))
|
||||
len = sizeof (file.name);
|
||||
*label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
|
||||
*label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len);
|
||||
if (*label)
|
||||
*grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0';
|
||||
}
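Review bot: The new size in grub_affs_label, `grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len)`, no longer reserves the terminator byte when `len` is 0: the old expression always requested at least one byte, the new one requests zero, and the next line still stores `'\0'` through the pointer returned by grub_latin1_to_utf8. `file.namelen` is only clamped from above in the visible lines, so a zero length looks reachable from on-disk data. Moving the `+ 1` onto the count, `*label = grub_calloc (len + 1, GRUB_MAX_UTF8_PER_LATIN1);`, keeps the overflow check and always leaves room for the NUL. The same "(width + 1) times length" form appears in grub_affs_read_symlink, grub_hfs_label, the second grub_hfsplus_label hunk, grub_iso9660_convert_string and get_utf8, and the argument order differs between them; (count, size) throughout would read more consistently.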
|
||||
|
|
|
@ -415,7 +415,7 @@ lower_bound (struct grub_btrfs_data *data,
|
|||
{
|
||||
desc->allocated = 16;
|
||||
desc->depth = 0;
|
||||
desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated);
|
||||
desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0]));
|
||||
if (!desc->data)
|
||||
return grub_errno;
|
||||
}
|
||||
|
@ -754,7 +754,7 @@ raid56_read_retry (struct grub_btrfs_data *data,
|
|||
grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY;
|
||||
grub_uint64_t i, failed_devices;
|
||||
|
||||
buffers = grub_zalloc (sizeof(*buffers) * nstripes);
|
||||
buffers = grub_calloc (nstripes, sizeof (*buffers));
|
||||
if (!buffers)
|
||||
goto cleanup;
|
||||
|
||||
|
@ -2167,7 +2167,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)),
|
|||
*nsectors = 64 * 2 - 1;
|
||||
if (*nsectors > max_nsectors)
|
||||
*nsectors = max_nsectors;
|
||||
*sectors = grub_malloc (*nsectors * sizeof (**sectors));
|
||||
*sectors = grub_calloc (*nsectors, sizeof (**sectors));
|
||||
if (!*sectors)
|
||||
return grub_errno;
|
||||
for (i = 0; i < *nsectors; i++)
|
||||
|
|
|
@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label)
|
|||
grub_size_t len = data->sblock.volname[0];
|
||||
if (len > sizeof (data->sblock.volname) - 1)
|
||||
len = sizeof (data->sblock.volname) - 1;
|
||||
*label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1);
|
||||
*label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len);
|
||||
if (*label)
|
||||
macroman_to_utf8 (*label, data->sblock.volname + 1,
|
||||
len + 1, 0);
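Review bot: The buffer is sized from `len` but macroman_to_utf8 is handed `len + 1` as its third argument, so for short names `(MAX_UTF8_PER_MAC_ROMAN + 1) * len` bytes may be smaller than the worst-case output plus terminator. This assumes the third argument is an input byte count and that each byte can expand to MAX_UTF8_PER_MAC_ROMAN bytes; neither is visible in the hunk. If that holds, sizing from the count actually passed to the converter, `*label = grub_calloc (len + 2, MAX_UTF8_PER_MAC_ROMAN);`, covers every length including 0. It is also worth confirming that reading `len + 1` bytes from `data->sblock.volname + 1` stays inside the array after the clamp above.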
|
||||
|
|
|
@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg)
|
|||
if (! filename)
|
||||
return 0;
|
||||
|
||||
keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname));
|
||||
keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname));
|
||||
if (!keyname)
|
||||
{
|
||||
grub_free (filename);
|
||||
|
@ -1007,7 +1007,7 @@ grub_hfsplus_label (grub_device_t device, char **label)
|
|||
grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr);
|
||||
|
||||
label_len = grub_be_to_cpu16 (catkey->namelen);
|
||||
label_name = grub_malloc (label_len * sizeof (*label_name));
|
||||
label_name = grub_calloc (label_len, sizeof (*label_name));
|
||||
if (!label_name)
|
||||
{
|
||||
grub_free (node);
|
||||
|
@ -1029,7 +1029,7 @@ grub_hfsplus_label (grub_device_t device, char **label)
|
|||
}
|
||||
}
|
||||
|
||||
*label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1);
|
||||
*label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1);
|
||||
if (! *label)
|
||||
{
|
||||
grub_free (label_name);
|
||||
|
|
|
@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len)
|
|||
int i;
|
||||
grub_uint16_t t[MAX_NAMELEN / 2 + 1];
|
||||
|
||||
p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
|
||||
p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
|
||||
if (! p)
|
||||
return NULL;
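Review bot: `len` is a signed `int` in this function's signature and goes straight into `grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1)`, where a negative value converts to a very large count. The multiplication check inside calloc will most likely reject it, but that is a side effect rather than validation. A guard ahead of the allocation, `if (len < 0) return NULL;`, makes the accepted range explicit. The fixed-size `t[MAX_NAMELEN / 2 + 1]` declared just above also suggests `len` needs an upper bound before `t` is filled; that code is outside the hunk, so confirm it there.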
|
||||
|
||||
|
|
|
@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len)
|
|||
grub_uint16_t *tmp;
|
||||
grub_size_t i;
|
||||
|
||||
buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1);
|
||||
tmp = grub_malloc (len * sizeof (tmp[0]));
|
||||
buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1);
|
||||
tmp = grub_calloc (len, sizeof (tmp[0]));
|
||||
if (!buf || !tmp)
|
||||
{
|
||||
grub_free (buf);
|
||||
|
|
|
@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
|
|||
node->next_extent = node->block;
|
||||
node->cache_size = 0;
|
||||
|
||||
node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size);
|
||||
node->cache = grub_calloc (cache_size, sizeof (node->cache[0]));
|
||||
if (!node->cache)
|
||||
{
|
||||
grub_errno = 0;
|
||||
|
|
|
@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
|
|||
if (data->linkname_alloc < linksize + 1)
|
||||
{
|
||||
char *n;
|
||||
n = grub_malloc (2 * (linksize + 1));
|
||||
n = grub_calloc (2, linksize + 1);
|
||||
if (!n)
|
||||
return grub_errno;
|
||||
grub_free (data->linkname);
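Review bot: `linksize + 1` is evaluated before grub_calloc sees it, so the overflow check covers only the multiplication by 2, not the addition; the same sum in the guard `data->linkname_alloc < linksize + 1` wraps in the same way. If `linksize` is taken from the archive header and can hold its type's maximum value (its declaration is outside the hunk), the sum becomes 0 and the buffer is not grown to fit the link name. Rejecting that value before this block, or computing the sum with an overflow-checked addition and returning an error on failure, would close the gap that calloc alone leaves open.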
|
||||
|
|
|
@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
|
|||
{
|
||||
unsigned i;
|
||||
utf16len = sz - 1;
|
||||
utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
|
||||
utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
|
||||
if (!utf16)
|
||||
return NULL;
|
||||
for (i = 0; i < utf16len; i++)
|
||||
|
@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
|
|||
{
|
||||
unsigned i;
|
||||
utf16len = (sz - 1) / 2;
|
||||
utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
|
||||
utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
|
||||
if (!utf16)
|
||||
return NULL;
|
||||
for (i = 0; i < utf16len; i++)
|
||||
|
|
|
@ -3328,7 +3328,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol,
|
|||
}
|
||||
subvol->nkeys = 0;
|
||||
zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data);
|
||||
subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0]));
|
||||
subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0]));
|
||||
if (!subvol->keyring)
|
||||
{
|
||||
grub_free (fsname);
|
||||
|
@ -4339,7 +4339,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)),
|
|||
*nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS);
|
||||
if (*nsectors > max_nsectors)
|
||||
*nsectors = max_nsectors;
|
||||
*sectors = grub_malloc (*nsectors * sizeof (**sectors));
|
||||
*sectors = grub_calloc (*nsectors, sizeof (**sectors));
|
||||
if (!*sectors)
|
||||
return grub_errno;
|
||||
for (i = 0; i < *nsectors; i++)
|
||||
|
|