vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

calloc: Use calloc() at most places

Browse source 
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Peter Jones 2020-06-15 12:26:01 -04:00 committed by Daniel Kiper
parent 64e26162eb
commit f725fa7cb2
87 changed files with 179 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

2
grub-core/loader/i386/bsdXX.c
View file

@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr)
if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS))
return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic"));
*shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize);
*shdr = grub_calloc (e->e_shnum, e->e_shentsize);
if (! *shdr)
return grub_errno;

4
grub-core/loader/i386/xnu.c
View file

@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d
return grub_errno;
len = grub_strlen (name);
utf16 = grub_malloc (sizeof (grub_uint16_t) * len);
utf16 = grub_calloc (len, sizeof (grub_uint16_t));
if (!utf16)
{
grub_free (utf8);
@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor *
grub_uint16_t *utf16;
grub_err_t err;
utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen);
utf16 = grub_calloc (namelen, sizeof (grub_uint16_t));
if (!utf16)
return grub_errno;
grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen);