Blame SOURCES/0227-efi-chainloader-fix-wrong-sanity-check-in-relocate_c.patch

28f7f8
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
27a4da
From: Laszlo Ersek <lersek@redhat.com>
27a4da
Date: Mon, 21 Nov 2016 15:34:00 +0100
28f7f8
Subject: [PATCH] efi/chainloader: fix wrong sanity check in relocate_coff()
27a4da
27a4da
In relocate_coff(), the relocation entries are parsed from the original
27a4da
image (not the section-wise copied image). The original image is
27a4da
pointed-to by the "orig" pointer. The current check
27a4da
27a4da
  (void *)reloc_end < data
27a4da
27a4da
compares the addresses of independent memory allocations. "data" is a typo
27a4da
here, it should be "orig".
27a4da
27a4da
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291
27a4da
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
27a4da
Tested-by: Bogdan Costescu <bcostescu@gmail.com>
27a4da
Tested-by: Juan Orti <j.orti.alcaine@gmail.com>
27a4da
---
27a4da
 grub-core/loader/efi/chainloader.c | 2 +-
27a4da
 1 file changed, 1 insertion(+), 1 deletion(-)
27a4da
27a4da
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
28f7f8
index 3e89de9006c..ed8c364789a 100644
27a4da
--- a/grub-core/loader/efi/chainloader.c
27a4da
+++ b/grub-core/loader/efi/chainloader.c
27a4da
@@ -401,7 +401,7 @@ relocate_coff (pe_coff_loader_image_context_t *context,
27a4da
       reloc_end = (struct grub_pe32_fixup_block *)
27a4da
 	((char *)reloc_base + reloc_base->size);
27a4da
 
27a4da
-      if ((void *)reloc_end < data || (void *)reloc_end > image_end)
27a4da
+      if ((void *)reloc_end < orig || (void *)reloc_end > image_end)
27a4da
         {
27a4da
           grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary",
27a4da
 		      n);