From 59b6b6d2c5663f236918db4a84e6ed7d5ba707fa Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Tue, 5 Jan 2021 13:19:43 +0000
Subject: [PATCH] uefi-dbx: Fix a critical warning when parsing invalid
 firmware

---
 plugins/uefi-dbx/fu-efi-signature-list.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/plugins/uefi-dbx/fu-efi-signature-list.c b/plugins/uefi-dbx/fu-efi-signature-list.c
index 041b7ff38..3eeedddce 100644
--- a/plugins/uefi-dbx/fu-efi-signature-list.c
+++ b/plugins/uefi-dbx/fu-efi-signature-list.c
@@ -28,12 +28,24 @@ fu_efi_signature_list_parse_item (FuEfiSignatureList *self,
 				  GError **error)
 {
 	fwupd_guid_t guid;
-	gsize sig_datasz = sig_size - sizeof(fwupd_guid_t);
+	gsize sig_datasz;
 	g_autofree gchar *sig_owner = NULL;
-	g_autofree guint8 *sig_data = g_malloc0 (sig_datasz);
+	g_autofree guint8 *sig_data = NULL;
 	g_autoptr(FuEfiSignature) sig = NULL;
 	g_autoptr(GBytes) data = NULL;
 
+	/* allocate data buf */
+	if (sig_size <= sizeof(fwupd_guid_t)) {
+		g_set_error (error,
+			     G_IO_ERROR,
+			     G_IO_ERROR_FAILED,
+			     "SignatureSize invalid: 0x%x",
+			     (guint) sig_size);
+		return FALSE;
+	}
+	sig_datasz = sig_size - sizeof(fwupd_guid_t);
+	sig_data = g_malloc0 (sig_datasz);
+
 	/* read both blocks of data */
 	if (!fu_memcpy_safe ((guint8 *) &guid, sizeof(guid), 0x0,	/* dst */
 			     buf, bufsz, offset,			/* src */