This modifies most of the places we do some form of:
X = malloc(Y * Z);
to use calloc(Y, Z) instead.
Among other issues, this fixes:
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in luks_recover_key()
reported by Chris Coulson,
- allocation of integer overflow in grub_lvm_detect()
reported by Chris Coulson.
Fixes: CVE-2020-14308
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
* grub-core/video/i386/pc/vbe.c (framebuffer): New member mtrr.
(cpuid): New define.
(rdmsr): Likewise.
(wrmsr): Likewise.
(mtrr_base): Likewise.
(mtrr_mask): Likewise.
(grub_vbe_enable_mtrr_entry): New function.
(grub_vbe_enable_mtrr): Likewise.
(grub_vbe_disable_mtrr): Likewise.
(grub_vbe_bios_set_display_start): Disable mtrr when handing the
control off to BIOS.
(grub_video_vbe_init): Fill mtrr.
(grub_video_vbe_fini): Disable mtrr.
(grub_video_vbe_get_info_and_fini): Likewise.
(grub_video_vbe_setup): Enable mtrr.
* grub-core/video/video.c (grub_video_edid_checksum): New function.
(grub_video_edid_preferred_mode): Likewise. Try EDID followed by
the Flat Panel extension, in line with the X.org VESA driver.
* grub-core/video/i386/pc/vbe.c (grub_vbe_bios_get_flat_panel_info):
New function.
(grub_vbe_bios_get_ddc_capabilities): Likewise.
(grub_vbe_bios_read_edid): Likewise.
(grub_vbe_get_preferred_mode): Likewise.
(grub_video_vbe_setup): When the mode is "auto", try to get the
preferred mode from VBE, and use the largest mode that is no larger
than the preferred mode (some BIOSes expose a preferred mode that is
not in their mode list!). If this fails, fall back to 640x480 as a
safe conservative choice.
(grub_video_vbe_get_edid): New function.
(grub_video_vbe_adapter): Add get_edid.
* include/grub/video.h (struct grub_vbe_edid_info): New structure.
(struct grub_video_adapter): Add get_edid.
(grub_video_edid_checksum): Add prototype.
(grub_video_edid_preferred_mode): Likewise.
* include/grub/i386/pc/vbe.h (struct grub_vbe_flat_panel_info): New
structure.
* grub-core/commands/videoinfo.c (print_edid): New function.
(grub_cmd_videoinfo): Print EDID if available.
* util/grub.d/00_header.in (GRUB_GFXMODE): Default to "auto". This
is more appropriate on a wider range of platforms than 640x480.
* docs/grub.texi (Simple configuration): Update GRUB_GFXMODE
documentation.
video adapter has not necessarily yet been set. Use grub_video_vbe_get_edid
and grub_video_edid_checksum directly instead. Remove grub_video_get_edid
as it now has no users.
Reported by: Marjo Mercado.
* grub-core/video/i386/pc/vbe.c (grub_vbe_bios_get_flat_panel_info):
New function.
(grub_vbe_bios_get_ddc_capabilities): Likewise.
(grub_vbe_bios_read_edid): Likewise.
(grub_vbe_edid_checksum): Likewise.
(grub_vbe_get_preferred_mode): Likewise. Try EDID followed by the
Flat Panel extension, in line with the X.org VESA driver.
(grub_video_vbe_setup): When the mode is "auto", try to get the
preferred mode from VBE, and use the largest mode that is no larger
than the preferred mode (some BIOSes expose a preferred mode that is
not in their mode list!). If this fails, fall back to 640x480 as a
safe conservative choice.
* include/grub/i386/pc/vbe.h (struct grub_vbe_flat_panel_info): New
structure.
(struct grub_vbe_edid_info): Likewise.
(grub_vbe_bios_get_flat_panel_info): Add prototype.
(grub_vbe_bios_get_ddc_capabilities): Likewise.
(grub_vbe_bios_read_edid): Likewise.
* util/grub.d/00_header.in (GRUB_GFXMODE): Default to "auto". This
is more appropriate on a wider range of platforms than 640x480.