Blame SOURCES/0437-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Fri, 15 Jan 2021 20:03:20 +1100
Subject: [PATCH] term/gfxterm: Don't set up a font with glyphs that are too
 big

Catch the case where we have a font so big that it causes the number of
rows or columns to be 0. Currently we continue and allocate a
virtual_screen.text_buffer of size 0. We then try to use that for glyphs
and things go badly.

On the emu platform, malloc() may give us a valid pointer, in which case
we'll access heap memory which we shouldn't. Alternatively, it may give us
NULL, in which case we'll crash. For other platforms, if I understand
grub_memalign() correctly, we will receive a valid but small allocation
that we will very likely later overrun.

Prevent the creation of a virtual screen that isn't at least 40 cols
by 12 rows. This is arbitrary, but it seems that if your width or height
is half a standard 80x24 terminal, you're probably going to struggle to
read anything anyway.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/term/gfxterm.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/grub-core/term/gfxterm.c b/grub-core/term/gfxterm.c
index af7c090a3..b40fcce91 100644
--- a/grub-core/term/gfxterm.c
+++ b/grub-core/term/gfxterm.c
@@ -232,6 +232,15 @@ grub_virtual_screen_setup (unsigned int x, unsigned int y,
   virtual_screen.columns = virtual_screen.width / virtual_screen.normal_char_width;
   virtual_screen.rows = virtual_screen.height / virtual_screen.normal_char_height;
 
+  /*
+   * There must be a minimum number of rows and columns for the screen to
+   * make sense. Arbitrarily pick half of 80x24. If either dimensions is 0
+   * we would allocate 0 bytes for the text_buffer.
+   */
+  if (virtual_screen.columns < 40 || virtual_screen.rows < 12)
+    return grub_error (GRUB_ERR_BAD_FONT,
+		       "font: glyphs too large to fit on screen");
+
   /* Allocate memory for text buffer.  */
   virtual_screen.text_buffer =
     (struct grub_colored_char *) grub_malloc (virtual_screen.columns
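Review bot: the new condition `virtual_screen.columns < 40 || virtual_screen.rows < 12` also trips when `virtual_screen.width` or `virtual_screen.height` is simply small, yet the error is always GRUB_ERR_BAD_FONT with "font: glyphs too large to fit on screen". Consider wording the message so it covers both causes, or including the computed columns and rows in it, so a user with a small screen region is not sent looking for a font problem. The check also sits after the two divisions in the context lines above, so it does nothing for a zero `normal_char_width` or `normal_char_height`; worth confirming those are rejected earlier in grub_virtual_screen_setup(). Smaller points: 40 and 12 would read better as named constants next to the comment that explains them, and the comment should say "either dimension" rather than "either dimensions".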