| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546 |
- From 6fa61b113427cb9db600a4a2a2f38ce09595f15f Mon Sep 17 00:00:00 2001
- From: Alec Brown <alec.r.brown@oracle.com>
- Date: Tue, 4 Feb 2025 15:11:11 +0000
- Subject: [PATCH] normal/menu: Use safe math to avoid an integer overflow
- The Coverity indicates that the variable current_entry might overflow.
- To prevent this use safe math when adding GRUB_MENU_PAGE_SIZE to current_entry.
- On the occasion fix limiting condition which was broken.
- Fixes: CID 473853
- Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
- Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
- Upstream: 5b36a5210e21bee2624f8acc36aefd8f10266adb
- Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- ---
- grub-core/normal/menu.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
- diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
- index 6a90e091f..7ac6abf93 100644
- --- a/grub-core/normal/menu.c
- +++ b/grub-core/normal/menu.c
- @@ -32,6 +32,7 @@
- #include <grub/script_sh.h>
- #include <grub/gfxterm.h>
- #include <grub/dl.h>
- +#include <grub/safemath.h>
-
- /* Time to delay after displaying an error message about a default/fallback
- entry failing to boot. */
- @@ -751,9 +752,7 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot, int *notify_boot)
-
- case GRUB_TERM_CTRL | 'c':
- case GRUB_TERM_KEY_NPAGE:
- - if (current_entry + GRUB_MENU_PAGE_SIZE < menu->size)
- - current_entry += GRUB_MENU_PAGE_SIZE;
- - else
- + if (grub_add (current_entry, GRUB_MENU_PAGE_SIZE, ¤t_entry) || current_entry >= menu->size)
- current_entry = menu->size - 1;
- menu_set_chosen_entry (current_entry);
- break;
- --
- 2.50.1
|
