|
|
bf0270 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
bf0270 |
From: Daniel Axtens <dja@axtens.net>
|
|
|
bf0270 |
Date: Tue, 13 Jul 2021 13:24:38 +1000
|
|
|
bf0270 |
Subject: [PATCH] normal/charset: Fix array out-of-bounds formatting unicode
|
|
|
bf0270 |
for display
|
|
|
bf0270 |
|
|
|
bf0270 |
In some cases attempting to display arbitrary binary strings leads
|
|
|
bf0270 |
to ASAN splats reading the widthspec array out of bounds.
|
|
|
bf0270 |
|
|
|
bf0270 |
Check the index. If it would be out of bounds, return a width of 1.
|
|
|
bf0270 |
I don't know if that's strictly correct, but we're not really expecting
|
|
|
bf0270 |
great display of arbitrary binary data, and it's certainly not worse than
|
|
|
bf0270 |
an OOB read.
|
|
|
bf0270 |
|
|
|
bf0270 |
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
bf0270 |
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
|
bf0270 |
(cherry picked from commit fdf32abc7a3928852422c0f291d8cd1dd6b34a8d)
|
|
|
bf0270 |
(cherry picked from commit f2c10aaf335b88a69885375c4d68ffab2429df77)
|
|
|
bf0270 |
(cherry picked from commit 4c942e1ba8d1f1199a58d2eb139022ae22f75cb2)
|
|
|
bf0270 |
---
|
|
|
bf0270 |
grub-core/normal/charset.c | 2 ++
|
|
|
bf0270 |
1 file changed, 2 insertions(+)
|
|
|
bf0270 |
|
|
|
bf0270 |
diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
|
|
|
bf0270 |
index f902b13b44..7b2de12001 100644
|
|
|
bf0270 |
--- a/grub-core/normal/charset.c
|
|
|
bf0270 |
+++ b/grub-core/normal/charset.c
|
|
|
bf0270 |
@@ -395,6 +395,8 @@ grub_unicode_estimate_width (const struct grub_unicode_glyph *c)
|
|
|
bf0270 |
{
|
|
|
bf0270 |
if (grub_unicode_get_comb_type (c->base))
|
|
|
bf0270 |
return 0;
|
|
|
bf0270 |
+ if (((unsigned long) (c->base >> 3)) >= ARRAY_SIZE (widthspec))
|
|
|
bf0270 |
+ return 1;
|
|
|
bf0270 |
if (widthspec[c->base >> 3] & (1 << (c->base & 7)))
|
|
|
bf0270 |
return 2;
|
|
|
bf0270 |
else
|