proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2026-01-25 17:20:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d8c9aaa767
grub2/grub-core/video
History
Peter Jones d84e89f473 malloc: Use overflow checking primitives where we do complex allocations 
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:

  X = grub_malloc(arithmetic_expr);

It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.

Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Patch-Name: safe-alloc-4.patch
2020-07-24 22:42:22 +01:00
..
coreboot coreboot: Split parts that are platform-independent. 2017-05-08 19:10:24 +02:00
emu calloc: Use calloc() at most places 2020-07-24 22:42:16 +01:00
fb video_fb: Fix blue collor if using unoptimized blitter. 2017-02-27 01:58:50 +00:00
i386/pc calloc: Use calloc() at most places 2020-07-24 22:42:16 +01:00
readers malloc: Use overflow checking primitives where we do complex allocations 2020-07-24 22:42:22 +01:00
bitmap_scale.c bitmap_scale: Optimize by moving division out of the loop. 2015-02-26 18:13:36 +01:00
bitmap.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-24 22:42:22 +01:00
bochs.c Document intentional fallthroughs. 2015-01-27 17:17:58 +01:00
capture.c calloc: Use calloc() at most places 2020-07-24 22:42:16 +01:00
cirrus.c Document intentional fallthroughs. 2015-01-27 17:17:58 +01:00
colors.c Detach optional parts of gfxterm and integrate in with coreboot init. 2013-05-31 00:42:33 +02:00
efi_gop.c * grub-core/gfxmenu/gui_box.c: Updated to work with area status. 2013-11-08 15:42:38 +04:00
efi_uga.c efi/uga: Fix PCIe LER when GRUB2 accesses non-enabled MMIO data from VGA 2018-04-04 21:48:52 +02:00
ieee1275.c i386, x86_64, ppc: fix switch fallthrough cases with GCC7 2017-04-04 19:23:55 +03:00
radeon_fuloong2e.c * grub-core/gfxmenu/gui_box.c: Updated to work with area status. 2013-11-08 15:42:38 +04:00
radeon_yeeloong3a.c Add Radeon Yeeloong 3A support. 2013-12-17 22:52:04 +01:00
sis315_init.c Fuloong video init support. 2011-05-16 02:34:58 +02:00
sis315pro.c * grub-core/gfxmenu/gui_box.c: Updated to work with area status. 2013-11-08 15:42:38 +04:00
sm712_init.c merge with mainline 2010-08-19 16:54:00 +05:30
sm712.c * grub-core/gfxmenu/gui_box.c: Updated to work with area status. 2013-11-08 15:42:38 +04:00
video.c video: skip 'text' gfxpayload if not supported, to fallback to default 2019-05-20 13:00:44 +02:00