This modifies most of the places we do some form of:
X = malloc(Y * Z);
to use calloc(Y, Z) instead.
Among other issues, this fixes:
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in luks_recover_key()
reported by Chris Coulson,
- allocation of integer overflow in grub_lvm_detect()
reported by Chris Coulson.
Fixes: CVE-2020-14308
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
* grub-core/normal/charset.c (grub_unicode_aglomerate_comb): Don't
agglomerate control characters with combining marks.
(bidi_line_wrap): Allow break on tab.
(grub_unicode_get_comb_start): New function.
* grub-core/normal/menu_entry.c: Restructure to handle wide characters
and tab correctly.
* grub-core/normal/menu_text.c (print_entry): Replace \n, \r, \b and \e
with a space.
* grub-core/normal/term.c (print_ucs4_terminal): New argument
fixed_tab_size. All users updated.
* include/grub/term.h (GRUB_TERM_TAB_WIDTH): New const.
(grub_term_getcharwidth): Handle \t.
* include/grub/unicode.h (grub_unicode_glyph_dup): Fix allocation
and copy.
* grub-core/normal/menu_entry.c (per_term_screen): New member
num_entries.
(print_down): Use num_entries.
(update_screen): Likewise.
(grub_menu_entry_run): Set num_entries.
* grub-core/normal/menu_text.c (menu_viewer_data): New member
num_entries.
(grub_print_message_indented): Move real part to ...
(grub_print_message_indented_real): ... here. Additional argument
dry_run.
(draw_border): Additional argument num_entries.
(print_message): Additional argument dry_run.
(print_entries): Receive menu viewer data.
(grub_menu_init_page): New argment num_entries.
(menu_text_set_chosen_entry): Use num_entries.
(grub_menu_try_text): Likewise.
* grub-core/normal/term.c (print_ucs4_terminal): New argument dry_run.
All users updated.
(grub_ucs4_count_lines): New function.
* include/grub/term.h (grub_term_cursor_x): Moved from here ..
* grub-core/normal/menu_text.c (grub_term_cursor_x): ... to here.
* include/grub/term.h (GRUB_TERM_MESSAGE_HEIGHT): Removed.
(grub_term_border_height): Likewise.
(grub_term_num_entries): Likewise.