#include <grub/fs.h>
#include <grub/disk.h>
#include <grub/dl.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
char *rest;
char *linktarget;
grub_size_t linktarget_len;
+ grub_size_t sz;
*restart = 0;
if (linktarget[0] == '\0')
return GRUB_ERR_NONE;
linktarget_len = grub_strlen (linktarget);
- target = grub_malloc (linktarget_len + grub_strlen (*name) + 2);
+
+ if (grub_add (linktarget_len, grub_strlen (*name), &sz) ||
+ grub_add (sz, 2, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("link target length overflow"));
+
+ target = grub_malloc (sz);
if (!target)
return grub_errno;
char *path_alloc = NULL;
char *origpath = NULL;
unsigned symlinks_max = 32;
+ grub_size_t sz;
err = get_root (data, key, tree, type);
if (err)
struct grub_btrfs_dir_item *cdirel;
if (elemsize > allocated)
{
- allocated = 2 * elemsize;
+ if (grub_mul (2, elemsize, &allocated) ||
+ grub_add (allocated, 1, &sz))
+ {
+ grub_free (path_alloc);
+ grub_free (origpath);
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("directory item size overflow"));
+ }
grub_free (direl);
- direl = grub_malloc (allocated + 1);
+ direl = grub_malloc (sz);
if (!direl)
{
grub_free (path_alloc);
grub_free (origpath);
return err;
}
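Review bot: The overflow branch added ahead of `grub_free (direl);` releases `path_alloc` and `origpath` but not `direl`, which the very next line treats as possibly holding an earlier allocation, so that buffer leaks on this return. Adding `grub_free (direl);` as the first statement of the branch would match the cleanup already done in the later `buffer size overflow` branch. The declarations of `allocated` and `elemsize` are outside the visible lines, so whether `grub_mul` can trip in practice depends on their types.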
- tmp = grub_malloc (grub_le_to_cpu64 (inode.size)
- + grub_strlen (path) + 1);
+
+ if (grub_add (grub_le_to_cpu64 (inode.size), grub_strlen (path), &sz) ||
+ grub_add (sz, 1, &sz))
+ {
+ grub_free (direl);
+ grub_free (path_alloc);
+ grub_free (origpath);
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("buffer size overflow"));
+ }
+ tmp = grub_malloc (sz);
if (!tmp)
{
grub_free (direl);
grub_uint64_t tree;
grub_uint8_t type;
grub_size_t est_size = 0;
+ grub_size_t sz;
if (!data)
return grub_errno;
}
if (elemsize > allocated)
{
- allocated = 2 * elemsize;
+ if (grub_mul (2, elemsize, &allocated) ||
+ grub_add (allocated, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("directory element size overflow"));
+ r = -grub_errno;
+ break;
+ }
grub_free (direl);
- direl = grub_malloc (allocated + 1);
+ direl = grub_malloc (sz);
if (!direl)
{
r = -grub_errno;
#include <grub/dl.h>
#include <grub/i18n.h>
#include <grub/archelp.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
struct head hd;
grub_size_t namesize;
grub_uint32_t modeval;
+ grub_size_t sz;
data->hofs = data->next_hofs;
*mode = modeval;
- *name = grub_malloc (namesize + 1);
+ if (grub_add (namesize, 1, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("file name size overflow"));
+
+ *name = grub_malloc (sz);
if (*name == NULL)
return grub_errno;
{
char *ret;
grub_err_t err;
+ grub_size_t sz;
if (data->size == 0)
return grub_strdup ("");
- ret = grub_malloc (data->size + 1);
+
+ if (grub_add (data->size, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("target data size overflow"));
+ return NULL;
+ }
+ ret = grub_malloc (sz);
if (!ret)
return NULL;
erofs_read_symlink (grub_fshelp_node_t node)
{
char *symlink;
- grub_size_t sz;
+ grub_size_t sz, lsz;
grub_err_t err;
if (node->inode_loaded == false)
return NULL;
}
- symlink = grub_malloc (sz + 1);
+ if (grub_add (sz, 1, &lsz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("symlink size overflow"));
+ return NULL;
+ }
+ symlink = grub_malloc (lsz);
if (symlink == NULL)
return NULL;
#include <grub/types.h>
#include <grub/charset.h>
#include <grub/fshelp.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
char *symlink;
struct grub_fshelp_node *diro = node;
grub_uint64_t filesize;
+ grub_size_t sz;
if (!diro->inode_read)
{
filesize = grub_f2fs_file_size(&diro->inode.i);
- symlink = grub_malloc (filesize + 1);
+ if (grub_add (filesize, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("symlink size overflow"));
+ return 0;
+ }
+ symlink = grub_malloc (sz);
if (!symlink)
return 0;
enum FILE_TYPE ftype;
int name_len;
int ret;
+ int sz;
if (grub_f2fs_test_bit_le (i, ctx->bitmap) == 0)
{
if (name_len >= F2FS_NAME_LEN)
return 0;
- filename = grub_malloc (name_len + 1);
+ if (grub_add (name_len, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("directory entry name length overflow"));
+ return 0;
+ }
+ filename = grub_malloc (sz);
if (!filename)
return 0;
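Review bot: `sz` is declared `int`, so `grub_add (name_len, 1, &sz)` can only fail when `name_len` equals `INT_MAX`, which the `name_len >= F2FS_NAME_LEN` test just above already rejects; the new check never fires as written. Declaring it as `grub_size_t sz;` would make `grub_add` also reject a negative `name_len`, which currently passes both tests and reaches `grub_malloc` as a converted value. The assignment of `name_len` is outside the hunk, so whether it can be negative for a crafted directory block is not visible here.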
#include <grub/disk.h>
#include <grub/dl.h>
#include <grub/ntfs.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
{
grub_err_t ret;
grub_disk_addr_t vcn;
+ int log_sz;
if (ctx->attr->sbuf)
{
}
ctx->comp.comp_head = ctx->comp.comp_tail = 0;
- ctx->comp.cbuf = grub_malloc (1 << (ctx->comp.log_spc + GRUB_NTFS_BLK_SHR));
+ if (grub_add (ctx->comp.log_spc, GRUB_NTFS_BLK_SHR, &log_sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("compression buffer size overflow"));
+ return 0;
+ }
+ ctx->comp.cbuf = grub_malloc (1 << log_sz);
if (!ctx->comp.cbuf)
return 0;
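Review bot: The new `grub_add` guards the sum of the two exponents, but the expression that can overflow is `1 << log_sz`. The shift is evaluated in `int`, so with a 32-bit `int` a `log_sz` of 31 or more, or a negative one, is undefined behaviour and the size handed to `grub_malloc` is not the intended one. Bound the exponent itself, for example `if (grub_add (ctx->comp.log_spc, GRUB_NTFS_BLK_SHR, &log_sz) || log_sz < 0 || log_sz >= 31)`, and allocate with `grub_malloc ((grub_size_t) 1 << log_sz)`. The type and origin of `log_spc` are outside the hunk; if it is read from the volume, later code that indexes `cbuf` presumably relies on the same bound.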
{
char *ret;
grub_err_t err;
- grub_size_t sz;
+ grub_uint32_t sz;
if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz))
{
- grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("symlink name length overflow"));
return NULL;
}
struct grub_squash_dirent di;
struct grub_squash_inode ino;
grub_size_t sz;
+ grub_uint16_t nlen;
err = read_chunk (dir->data, &di, sizeof (di),
grub_le_to_cpu64 (dir->data->sb.diroffset)
if (err)
return 0;
- buf = grub_malloc (grub_le_to_cpu16 (di.namelen) + 2);
+ if (grub_add (grub_le_to_cpu16 (di.namelen), 2, &nlen))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("name length overflow"));
+ return 0;
+ }
+ buf = grub_malloc (nlen);
if (!buf)
return 0;
err = read_chunk (dir->data, buf,
grub_xfs_read_symlink (grub_fshelp_node_t node)
{
grub_ssize_t size = grub_be_to_cpu64 (node->inode.size);
+ grub_size_t sz;
if (size < 0)
{
if (node->data->hascrc)
off = 56;
- symlink = grub_malloc (size + 1);
+ if (grub_add (size, 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("symlink size overflow"));
+ return 0;
+ }
+ symlink = grub_malloc (sz);
if (!symlink)
return 0;
{
struct grub_fshelp_node *fdiro;
grub_err_t err;
+ grub_size_t sz;
- fdiro = grub_malloc (grub_xfs_fshelp_size(ctx->diro->data) + 1);
+ if (grub_add (grub_xfs_fshelp_size(ctx->diro->data), 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("directory data size overflow"));
+ grub_print_error ();
+ return 0;
+ }
+ fdiro = grub_malloc (sz);
if (!fdiro)
{
grub_print_error ();