vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

calloc: Use calloc() at most places

Browse source 
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Peter Jones 2020-06-15 12:26:01 -04:00 committed by Daniel Kiper
parent 64e26162eb
commit f725fa7cb2
87 changed files with 179 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

4
grub-core/fs/udf.c
View file

@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
{
unsigned i;
utf16len = sz - 1;
utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
if (!utf16)
return NULL;
for (i = 0; i < utf16len; i++)
@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf)
{
unsigned i;
utf16len = (sz - 1) / 2;
utf16 = grub_malloc (utf16len * sizeof (utf16[0]));
utf16 = grub_calloc (utf16len, sizeof (utf16[0]));
if (!utf16)
return NULL;
for (i = 0; i < utf16len; i++)