git.ipfire.org Git - thirdparty/grub.git/commit
osdep/unix/hostdisk: Fix signed integer overflow
author Lidong Chen <lidong.chen@oracle.com>
Thu, 5 Jun 2025 05:03:19 +0000 (05:03 +0000)
committer Daniel Kiper <daniel.kiper@oracle.com>
Thu, 12 Jun 2025 16:56:24 +0000 (18:56 +0200)
commit 86e8f2c4b021c854d14d32e1bce1576dcab7c14c
tree efd7a5515f8b6b86c940513e526a943af3baac5b
parent 438f055819548ac7323a5f29bd16b627cf8cb4fb
osdep/unix/hostdisk: Fix signed integer overflow

The potential overflow issue arises at "size += ret;" because "size"
is of type ssize_t (signed) while "len" is size_t (unsigned). Repeatedly
adding read sizes, "ret", to "size" can potentially exceed the maximum
value of ssize_t, causing it to overflow into a negative or incorrect value.
The fix is to ensure "len" is within the range of SSIZE_MAX.

Fixes: CID 473850
Fixes: CID 473863
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-core/osdep/unix/hostdisk.c
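
The pattern the commit message describes, as an added example that is not taken from the GRUB source: a read loop that accumulates into a signed total and rejects a length above SSIZE_MAX before reading. The names read_full and demo_pipe_read, the EINVAL error code, and the pipe input are assumptions made for this illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef SSIZE_MAX   /* fallback when strict ISO C mode hides the POSIX limit */
#define SSIZE_MAX ((ssize_t)(SIZE_MAX / 2))
#endif

/* read_full() is a hypothetical name for this added example, not GRUB code. */
ssize_t read_full(int fd, void *buf, size_t len)
{
    char *p = buf;
    ssize_t size = 0;
    /* Each read() returns at most the bytes still requested, so bounding
       len by SSIZE_MAX also bounds the signed running total. */
    if (len > (size_t)SSIZE_MAX) {
        errno = EINVAL;                /* assumed error code for the example */
        return -1;
    }
    while (len > 0) {
        ssize_t ret = read(fd, p, len);
        if (ret < 0 && errno == EINTR)
            continue;                  /* interrupted: retry */
        if (ret < 0)
            return -1;
        if (ret == 0)
            break;                     /* end of file */
        p += ret;
        len -= (size_t)ret;
        size += ret;                   /* signed accumulation, now bounded */
    }
    return size;
}

/* Constructed input: 10 bytes pushed through a pipe, then read back. */
ssize_t demo_pipe_read(void)
{
    int fds[2];
    char buf[16];
    ssize_t w, n;
    if (pipe(fds) != 0)
        return -1;
    w = write(fds[1], "0123456789", 10);
    close(fds[1]);                     /* reader sees EOF after 10 bytes */
    n = (w == 10) ? read_full(fds[0], buf, sizeof(buf)) : -1;
    close(fds[0]);
    return n;
}
```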