proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-08-14 16:59:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

zfs: Fix possible integer overflows

Browse Source 
In all cases the problem is that the value being acted upon by
a left-shift is a 32-bit number which is then being used in the
context of a 64-bit number.

To avoid overflow we ensure that the number being shifted is 64-bit
before the shift is done.

Fixes: CID 73684, CID 73695, CID 73764

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Darren Kenny 2020-12-08 22:17:04 +00:00 committed by Daniel Kiper
parent 89bdab9658
commit 302c12ff57
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
grub-core/fs/zfs/zfs.c
View File

@ -567,7 +567,7 @@ find_bestub (uberblock_phys_t * ub_array,
ubptr = (uberblock_phys_t *) ((grub_properly_aligned_t *) ub_array
+ ((i << ub_shift)
/ sizeof (grub_properly_aligned_t)));
err = uberblock_verify (ubptr, offset, 1 << ub_shift);
err = uberblock_verify (ubptr, offset, (grub_size_t) 1 << ub_shift);
if (err)
{
grub_errno = GRUB_ERR_NONE;
@ -1546,7 +1546,7 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc,
high = grub_divmod64 ((offset >> desc->ashift) + c,
desc->n_children, &devn);
csize = bsize << desc->ashift;
csize = (grub_size_t) bsize << desc->ashift;
if (csize > len)
csize = len;
@ -1638,8 +1638,8 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc,
while (len > 0)
{
grub_size_t csize;
csize = ((s / (desc->n_children - desc->nparity))
grub_size_t csize = s;
csize = ((csize / (desc->n_children - desc->nparity))
<< desc->ashift);
if (csize > len)
csize = len;