grub/grub-core/script
Peter Jones f725fa7cb2 calloc: Use calloc() at most places
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
..
argv.c * grub-core/script/argv.c (grub_script_argv_split_append): Skip leading 2012-03-19 13:29:43 +01:00
execute.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
function.c Improve string. Gettextize. 2012-02-12 15:25:25 +01:00
lexer.c script: fix double free in lexer 2017-02-12 09:23:34 +03:00
main.c Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
parser.y Remove pragmas related to -Wunreachable-code 2016-01-20 15:56:55 +00:00
script.c Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
yylex.l yylex: Make lexer fatal errors actually be fatal 2020-07-29 16:55:47 +02:00