You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35 lines
1.4 KiB
35 lines
1.4 KiB
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
|
From: Laszlo Ersek <lersek@redhat.com> |
|
Date: Mon, 21 Nov 2016 15:34:00 +0100 |
|
Subject: [PATCH] efi/chainloader: fix wrong sanity check in relocate_coff() |
|
|
|
In relocate_coff(), the relocation entries are parsed from the original |
|
image (not the section-wise copied image). The original image is |
|
pointed-to by the "orig" pointer. The current check |
|
|
|
(void *)reloc_end < data |
|
|
|
compares the addresses of independent memory allocations. "data" is a typo |
|
here, it should be "orig". |
|
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291 |
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com> |
|
Tested-by: Bogdan Costescu <bcostescu@gmail.com> |
|
Tested-by: Juan Orti <j.orti.alcaine@gmail.com> |
|
--- |
|
grub-core/loader/efi/chainloader.c | 2 +- |
|
1 file changed, 1 insertion(+), 1 deletion(-) |
|
|
|
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c |
|
index 3e89de9006c..ed8c364789a 100644 |
|
--- a/grub-core/loader/efi/chainloader.c |
|
+++ b/grub-core/loader/efi/chainloader.c |
|
@@ -401,7 +401,7 @@ relocate_coff (pe_coff_loader_image_context_t *context, |
|
reloc_end = (struct grub_pe32_fixup_block *) |
|
((char *)reloc_base + reloc_base->size); |
|
|
|
- if ((void *)reloc_end < data || (void *)reloc_end > image_end) |
|
+ if ((void *)reloc_end < orig || (void *)reloc_end > image_end) |
|
{ |
|
grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary", |
|
n);
|
|
|