calloc: Use calloc() at most places
This modifies most of the places we do some form of:
X = malloc(Y * Z);
to use calloc(Y, Z) instead.
Among other issues, this fixes:
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in luks_recover_key()
reported by Chris Coulson,
- allocation of integer overflow in grub_lvm_detect()
reported by Chris Coulson.
Fixes: CVE-2020-14308
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Peter Jones
Daniel Kiper
parent
64e26162eb
commit
f725fa7cb2
87 changed files with 179 additions and 178 deletions
|
|
@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid,
|
|||
|
||||
len = grub_strlen (var);
|
||||
len16 = len * GRUB_MAX_UTF16_PER_UTF8;
|
||||
var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
|
||||
var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
|
||||
if (!var16)
|
||||
return grub_errno;
|
||||
len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
|
||||
|
|
@ -237,7 +237,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
|
|||
|
||||
len = grub_strlen (var);
|
||||
len16 = len * GRUB_MAX_UTF16_PER_UTF8;
|
||||
var16 = grub_malloc ((len16 + 1) * sizeof (var16[0]));
|
||||
var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
|
||||
if (!var16)
|
||||
return NULL;
|
||||
len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
|
||||
|
|
@ -393,7 +393,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
|
|||
while (len > 0 && fp->path_name[len - 1] == 0)
|
||||
len--;
|
||||
|
||||
dup_name = grub_malloc (len * sizeof (*dup_name));
|
||||
dup_name = grub_calloc (len, sizeof (*dup_name));
|
||||
if (!dup_name)
|
||||
{
|
||||
grub_free (name);
|
||||
|
|
|
|||
|
|
@ -615,7 +615,7 @@ static char *
|
|||
grub_util_path_concat_real (size_t n, int ext, va_list ap)
|
||||
{
|
||||
size_t totlen = 0;
|
||||
char **l = xmalloc ((n + ext) * sizeof (l[0]));
|
||||
char **l = xcalloc (n + ext, sizeof (l[0]));
|
||||
char *r, *p, *pi;
|
||||
size_t i;
|
||||
int first = 1;
|
||||
|
|
|
|||
|
|
@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name)
|
|||
while (p);
|
||||
|
||||
/* Allocate a block list. */
|
||||
blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1));
|
||||
blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block));
|
||||
if (! blocks)
|
||||
return 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -704,7 +704,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args,
|
|||
args->ptr = args->prealloc;
|
||||
else
|
||||
{
|
||||
args->ptr = grub_malloc (args->count * sizeof (args->ptr[0]));
|
||||
args->ptr = grub_calloc (args->count, sizeof (args->ptr[0]));
|
||||
if (!args->ptr)
|
||||
{
|
||||
grub_errno = GRUB_ERR_NONE;
|
||||
|
|
|
|||
|
|
@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline,
|
|||
return grub_errno;
|
||||
grub_memcpy (args, buffer, bp - buffer);
|
||||
|
||||
*argv = grub_malloc (sizeof (char *) * (*argc + 1));
|
||||
*argv = grub_calloc (*argc + 1, sizeof (char *));
|
||||
if (!*argv)
|
||||
{
|
||||
grub_free (args);
|
||||
|
|
|
|||
|
|
@ -133,7 +133,7 @@ grub_uboot_dev_enum (void)
|
|||
return num_devices;
|
||||
|
||||
max_devices = 2;
|
||||
enum_devices = grub_malloc (sizeof(struct device_info) * max_devices);
|
||||
enum_devices = grub_calloc (max_devices, sizeof(struct device_info));
|
||||
if (!enum_devices)
|
||||
return 0;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue