git.ipfire.org Git - thirdparty/grub.git/commit
video/readers: Add artificial limit to image dimensions
author Alec Brown <alec.r.brown@oracle.com>
Thu, 27 Oct 2022 00:16:44 +0000 (20:16 -0400)
committer Daniel Kiper <daniel.kiper@oracle.com>
Thu, 27 Oct 2022 18:10:18 +0000 (20:10 +0200)
commit a85714545fe57a86d14ee231a4cd312158101d43
tree e3f34f27b099aef96b232c482c34487f6ac4f22e
parent 2a5e3c1f2aed88c2289fb595da8308e898b87915

In grub-core/video/readers/jpeg.c, the height and width of a JPEG image don't
have an upper limit for how big the JPEG image can be. In Coverity, this is
getting flagged as an untrusted loop bound. This issue can also be seen in PNG and
TGA format images as well but Coverity isn't flagging it. To prevent this, the
constant IMAGE_HW_MAX_PX is being added to include/grub/bitmap.h, which has
a value of 16384, to act as an artificial limit and restrict the height and
width of images. This value was picked as it is double the current max
resolution size, which is 8K.

Fixes: CID 292450
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
docs/grub.texi
grub-core/video/readers/jpeg.c
grub-core/video/readers/png.c
grub-core/video/readers/tga.c
include/grub/bitmap.h
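
The bound described in the commit message, as an added illustration that is not GRUB's code and not taken from this commit's diff: dimensions read from an image header are checked against `IMAGE_HW_MAX_PX` (16384) before they are used as loop bounds or to size a buffer. The helper names, the status enum, the zero-dimension check and the sample bytes are assumptions of this example; the layout used is the PNG IHDR one (width then height, big-endian 32-bit).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Value given in the commit message (defined in include/grub/bitmap.h). */
#define IMAGE_HW_MAX_PX 16384

enum dim_status { DIM_OK, DIM_TRUNCATED, DIM_ZERO, DIM_TOO_LARGE };

/* Hypothetical helper: big-endian 32-bit read, the byte order PNG uses. */
static uint32_t be32(const uint8_t *p)
{
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: reject untrusted dimensions before they become loop
   bounds. The zero check is this example's addition, not from the commit. */
static enum dim_status check_dims(uint32_t w, uint32_t h)
{
  if (w == 0 || h == 0)
    return DIM_ZERO;
  if (w > IMAGE_HW_MAX_PX || h > IMAGE_HW_MAX_PX)
    return DIM_TOO_LARGE;
  return DIM_OK;
}

/* Read width and height (first 8 bytes of PNG IHDR data) and compute the
   pixel buffer size only after both values passed the limit. */
static enum dim_status ihdr_dims(const uint8_t *buf, size_t len,
                                 uint32_t bytes_per_px, uint64_t *size)
{
  enum dim_status st;
  if (len < 8)
    return DIM_TRUNCATED;
  st = check_dims(be32(buf), be32(buf + 4));
  if (st == DIM_OK) /* at most 16384 * 16384 * bytes_per_px, fits in 64 bits */
    *size = (uint64_t)be32(buf) * be32(buf + 4) * bytes_per_px;
  return st;
}

int main(void)
{
  /* Constructed sample: width 0x00010000 (65536), height 1. */
  const uint8_t sample[8] = { 0x00, 0x01, 0x00, 0x00, 0, 0, 0, 1 };
  uint64_t size = 0;
  printf("status=%d\n", ihdr_dims(sample, sizeof sample, 4, &size));
  return 0;
}
```

With the limit in place, the largest accepted image at 4 bytes per pixel needs 1 GiB, so the size computation cannot wrap even in 32-bit arithmetic.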