vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
grub/grub-core/video
History
Peter Jones 3f05d693d1 malloc: Use overflow checking primitives where we do complex allocations 
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:

  X = grub_malloc(arithmetic_expr);

It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.

Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
..
coreboot coreboot: Split parts that are platform-independent. 2017-05-08 19:10:24 +02:00
emu calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
fb video_fb: Fix blue collor if using unoptimized blitter. 2017-02-27 01:58:50 +00:00
i386/pc calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
readers malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
bitmap.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
bitmap_scale.c bitmap_scale: Optimize by moving division out of the loop. 2015-02-26 18:13:36 +01:00
bochs.c Document intentional fallthroughs. 2015-01-27 17:17:58 +01:00
capture.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
cirrus.c Document intentional fallthroughs. 2015-01-27 17:17:58 +01:00
colors.c Detach optional parts of gfxterm and integrate in with coreboot init. 2013-05-31 00:42:33 +02:00
efi_gop.c efi/gop: Add debug output on GOP probing 2020-03-10 21:42:13 +01:00
efi_uga.c efi/uga: Use video instead of fb as debug condition 2020-03-10 21:41:38 +01:00
ieee1275.c i386, x86_64, ppc: fix switch fallthrough cases with GCC7 2017-04-04 19:23:55 +03:00
radeon_fuloong2e.c * grub-core/gfxmenu/gui_box.c: Updated to work with area status. 2013-11-08 15:42:38 +04:00
radeon_yeeloong3a.c Add Radeon Yeeloong 3A support. 2013-12-17 22:52:04 +01:00
sis315_init.c Fuloong video init support. 2011-05-16 02:34:58 +02:00
sis315pro.c * grub-core/gfxmenu/gui_box.c: Updated to work with area status. 2013-11-08 15:42:38 +04:00
sm712.c * grub-core/gfxmenu/gui_box.c: Updated to work with area status. 2013-11-08 15:42:38 +04:00
sm712_init.c
video.c video: skip 'text' gfxpayload if not supported, to fallback to default 2019-05-20 13:00:44 +02:00