This modifies most of the places we do some form of:
X = malloc(Y * Z);
to use calloc(Y, Z) instead.
Among other issues, this fixes:
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in luks_recover_key()
reported by Chris Coulson,
- allocation of integer overflow in grub_lvm_detect()
reported by Chris Coulson.
Fixes: CVE-2020-14308
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
* grub-core/gfxmenu/widget-box.c (get_border_width): New function.
(grub_gfxmenu_create_box): Register get_border_width.
* grub-core/gfxmenu/gui_list.c (draw_menu): Use get_border_width
if available.
* include/grub/gfxwidgets.h (grub_gfxmenu_box): New member
get_border_width.