mirror of
https://git.proxmox.com/git/grub2
synced 2025-07-25 08:55:21 +00:00
4e76b08f71
In huft_build(), "v" is a table of values in order of bit length. The code later (when setting up table entries in "r") assumes that all elements of this array corresponding to a code are initialized and less than N_MAX. However, it doesn't enforce this. With sufficiently manipulated inputs (e.g. from fuzzing), there can be elements of "v" that are not filled. Therefore a lookup into "e" or "d" will use an uninitialized value. This can lead to an invalid/OOB read on those values, often leading to a crash. Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
||
|---|---|---|
| .. | ||
| bufio.c | ||
| gzio.c | ||
| lzopio.c | ||
| offset.c | ||
| xzio.c | ||