nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0411-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch

b1bcb2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
b1bcb2
From: Daniel Axtens <dja@axtens.net>
b1bcb2
Date: Wed, 13 Jan 2021 20:59:09 +1100
b1bcb2
Subject: [PATCH] io/gzio: Bail if gzio->tl/td is NULL
b1bcb2
b1bcb2
This is an ugly fix that doesn't address why gzio->tl comes to be NULL.
b1bcb2
However, it seems to be sufficient to patch up a bunch of NULL derefs.
b1bcb2
b1bcb2
It would be good to revisit this in future and see if we can have
b1bcb2
a cleaner solution that addresses some of the causes of the unexpected
b1bcb2
NULL pointers.
b1bcb2
b1bcb2
Signed-off-by: Daniel Axtens <dja@axtens.net>
b1bcb2
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
b1bcb2
---
b1bcb2
 grub-core/io/gzio.c | 20 ++++++++++++++++++++
b1bcb2
 1 file changed, 20 insertions(+)
b1bcb2
b1bcb2
diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
b1bcb2
index daf514bc482..09e0e2842f2 100644
b1bcb2
--- a/grub-core/io/gzio.c
b1bcb2
+++ b/grub-core/io/gzio.c
b1bcb2
@@ -657,6 +657,13 @@ inflate_codes_in_window (grub_gzio_t gzio)
b1bcb2
     {
b1bcb2
       if (! gzio->code_state)
b1bcb2
 	{
b1bcb2
+
b1bcb2
+	  if (gzio->tl == NULL)
b1bcb2
+	    {
b1bcb2
+	      grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
b1bcb2
+	      return 1;
b1bcb2
+	    }
b1bcb2
+
b1bcb2
 	  NEEDBITS ((unsigned) gzio->bl);
b1bcb2
 	  if ((e = (t = gzio->tl + ((unsigned) b & ml))->e) > 16)
b1bcb2
 	    do
b1bcb2
@@ -695,6 +702,12 @@ inflate_codes_in_window (grub_gzio_t gzio)
b1bcb2
 	      n = t->v.n + ((unsigned) b & mask_bits[e]);
b1bcb2
 	      DUMPBITS (e);
b1bcb2
 
b1bcb2
+	      if (gzio->td == NULL)
b1bcb2
+		{
b1bcb2
+		  grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->td");
b1bcb2
+		  return 1;
b1bcb2
+		}
b1bcb2
+
b1bcb2
 	      /* decode distance of block to copy */
b1bcb2
 	      NEEDBITS ((unsigned) gzio->bd);
b1bcb2
 	      if ((e = (t = gzio->td + ((unsigned) b & md))->e) > 16)
b1bcb2
@@ -905,6 +918,13 @@ init_dynamic_block (grub_gzio_t gzio)
b1bcb2
   n = nl + nd;
b1bcb2
   m = mask_bits[gzio->bl];
b1bcb2
   i = l = 0;
b1bcb2
+
b1bcb2
+  if (gzio->tl == NULL)
b1bcb2
+    {
b1bcb2
+      grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
b1bcb2
+      return;
b1bcb2
+    }
b1bcb2
+
b1bcb2
   while ((unsigned) i < n)
b1bcb2
     {
b1bcb2
       NEEDBITS ((unsigned) gzio->bl);