pool/grub2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9d4e900f2a
grub2/0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
Michael Chang e016790fe1 Accepting request 981228 from home:michael-chang:branches:Base:System 
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
  * 0001-video-Remove-trailing-whitespaces.patch
  * 0002-loader-efi-chainloader-Simplify-the-loader-state.patch
  * 0003-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
  * 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
  * 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
  * 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
  * 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
  * 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
  * 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
  * 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
  * 0011-video-readers-png-Sanity-check-some-huffman-codes.patch
  * 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
  * 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
  * 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
  * 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
  * 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
  * 0017-net-ip-Do-IP-fragment-maths-safely.patch
  * 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch
  * 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
  * 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
  * 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
  * 0022-net-tftp-Avoid-a-trivial-UAF.patch
  * 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch

OBS-URL: https://build.opensuse.org/request/show/981228
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=416
2022-06-08 03:04:17 +00:00

37 lines
1.2 KiB
Diff
Raw Blame History

From cfe96e5c432b58726047f4d94f106f58855db1e2 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 13 Jul 2021 13:24:38 +1000
Subject: [PATCH 16/32] normal/charset: Fix array out-of-bounds formatting
unicode for display
In some cases attempting to display arbitrary binary strings leads
to ASAN splats reading the widthspec array out of bounds.
Check the index. If it would be out of bounds, return a width of 1.
I don't know if that's strictly correct, but we're not really expecting
great display of arbitrary binary data, and it's certainly not worse than
an OOB read.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/normal/charset.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
index 4dfcc31078..7a5a7c153c 100644
--- a/grub-core/normal/charset.c
+++ b/grub-core/normal/charset.c
@@ -395,6 +395,8 @@ grub_unicode_estimate_width (const struct grub_unicode_glyph *c)
{
if (grub_unicode_get_comb_type (c->base))
return 0;
+ if (((unsigned long) (c->base >> 3)) >= ARRAY_SIZE (widthspec))
+ return 1;
if (widthspec[c->base >> 3] & (1 << (c->base & 7)))
return 2;
else
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink