* grub-core/bus/usb/usbhub.c (grub_usb_add_hub): Eliminate grub_min.
(poll_nonroot_hub): Likewise.
* grub-core/fs/affs.c (grub_affs_iterate_dir): Likewise.
(grub_affs_label): Likewise.
* grub-core/fs/btrfs.c (grub_btrfs_lzo_decompress): Likewise.
* grub-core/fs/hfs.c (grub_hfs_dir): Likewise.
(grub_hfs_label): Likewise.
* grub-core/fs/hfsplus.c (grub_hfsplus_cmp_catkey): Likewise.
* grub-core/fs/zfs/zfs.c (MIN): Remove.
(zap_leaf_array_equal): Use grub_size. Remove MIN.
(zap_leaf_array_get): Likewise.
(dnode_get_path): Likewise.
* grub-core/io/lzopio.c (grub_lzopio_read): Eliminate grub_min.
* grub-core/io/xzio.c (grub_xzio_read): Likewise.
* grub-core/script/execute.c (grub_script_break): Likewise.
* grub-core/script/lexer.c (grub_script_lexer_record): Eliminate
grub_max.
* grub-core/script/yylex.l (grub_lexer_yyrealloc): Likewise.
* include/grub/misc.h (grub_min): Removed.
(grub_max): Likewise.
+2012-01-14 Vladimir Serbinenko <phcoder@gmail.com>
+
+ Eliminate grub_min/grub_max prone to overflow usage.
+
+ * grub-core/bus/usb/usbhub.c (grub_usb_add_hub): Eliminate grub_min.
+ (poll_nonroot_hub): Likewise.
+ * grub-core/fs/affs.c (grub_affs_iterate_dir): Likewise.
+ (grub_affs_label): Likewise.
+ * grub-core/fs/btrfs.c (grub_btrfs_lzo_decompress): Likewise.
+ * grub-core/fs/hfs.c (grub_hfs_dir): Likewise.
+ (grub_hfs_label): Likewise.
+ * grub-core/fs/hfsplus.c (grub_hfsplus_cmp_catkey): Likewise.
+ * grub-core/fs/zfs/zfs.c (MIN): Remove.
+ (zap_leaf_array_equal): Use grub_size. Remove MIN.
+ (zap_leaf_array_get): Likewise.
+ (dnode_get_path): Likewise.
+ * grub-core/io/lzopio.c (grub_lzopio_read): Eliminate grub_min.
+ * grub-core/io/xzio.c (grub_xzio_read): Likewise.
+ * grub-core/script/execute.c (grub_script_break): Likewise.
+ * grub-core/script/lexer.c (grub_script_lexer_record): Eliminate
+ grub_max.
+ * grub-core/script/yylex.l (grub_lexer_yyrealloc): Likewise.
+ * include/grub/misc.h (grub_min): Removed.
+ (grub_max): Likewise.
+
2012-01-14 Samuel Thibault <samuel.thibault@ens-lyon.org>
* grub-core/fs/ext2.c (grub_ext2_iterate_dir): Ignore entries with
if ((endp->endp_addr & 128) && grub_usb_get_ep_type(endp)
== GRUB_USB_EP_INTERRUPT)
{
+ grub_size_t len;
dev->hub_endpoint = endp;
+ len = endp->maxpacket;
+ if (len > sizeof (dev->statuschange))
+ len = sizeof (dev->statuschange);
dev->hub_transfer
- = grub_usb_bulk_read_background (dev, endp->endp_addr,
- grub_min (endp->maxpacket,
- sizeof (dev->statuschange)),
+ = grub_usb_bulk_read_background (dev, endp->endp_addr, len,
(char *) &dev->statuschange);
break;
}
grub_usb_err_t err;
unsigned i;
grub_uint8_t changed;
- grub_size_t actual;
+ grub_size_t actual, len;
int j, total;
if (!dev->hub_transfer)
changed = dev->statuschange;
+ len = dev->hub_endpoint->maxpacket;
+ if (len > sizeof (dev->statuschange))
+ len = sizeof (dev->statuschange);
dev->hub_transfer
- = grub_usb_bulk_read_background (dev, dev->hub_endpoint->endp_addr,
- grub_min (dev->hub_endpoint->maxpacket,
- sizeof (dev->statuschange)),
+ = grub_usb_bulk_read_background (dev, dev->hub_endpoint->endp_addr, len,
(char *) &dev->statuschange);
if (err || actual == 0 || changed == 0)
{
int type;
grub_uint8_t name_u8[sizeof (fil->name) * GRUB_MAX_UTF8_PER_LATIN1 + 1];
+ grub_size_t len;
node = grub_zalloc (sizeof (*node));
if (!node)
node->di = *fil;
node->parent = dir;
- *grub_latin1_to_utf8 (name_u8, fil->name,
- grub_min (fil->namelen, sizeof (fil->name))) = '\0';
+ len = fil->namelen;
+ if (len > sizeof (fil->name))
+ len = sizeof (fil->name);
+ *grub_latin1_to_utf8 (name_u8, fil->name, len) = '\0';
if (hook ((char *) name_u8, type, node))
{
if (grub_errno)
return 0;
- len = grub_min (file.namelen, sizeof (file.name));
+ len = file.namelen;
+ if (len > sizeof (file.name))
+ len = sizeof (file.name);
*label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1);
if (*label)
*grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0';
/* Block partially filled with requested data. */
if (off > 0 || osize < GRUB_BTRFS_LZO_BLOCK_SIZE)
{
- grub_size_t to_copy = grub_min(osize, GRUB_BTRFS_LZO_BLOCK_SIZE - off);
+ grub_size_t to_copy = GRUB_BTRFS_LZO_BLOCK_SIZE - off;
+
+ if (to_copy > osize)
+ to_copy = osize;
if (lzo1x_decompress_safe ((lzo_bytep)ibuf, cblock_size, buf, &usize,
NULL) != LZO_E_OK)
return -1;
- to_copy = grub_min(to_copy, usize);
+ if (to_copy > usize)
+ to_copy = usize;
grub_memcpy(obuf, buf + off, to_copy);
osize -= to_copy;
struct grub_hfs_catalog_key *ckey = rec->key;
char fname[sizeof (ckey->str) * MAX_UTF8_PER_MAC_ROMAN + 1] = { 0 };
struct grub_dirhook_info info;
+ grub_size_t len;
+
grub_memset (&info, 0, sizeof (info));
- macroman_to_utf8 (fname, ckey->str, grub_min (ckey->strlen,
- sizeof (ckey->str)));
+ len = ckey->strlen;
+ if (len > sizeof (ckey->str))
+ len = sizeof (ckey->str);
+ macroman_to_utf8 (fname, ckey->str, len);
info.case_insensitive = 1;
if (data)
{
- grub_size_t len = grub_min (sizeof (data->sblock.volname) - 1,
- data->sblock.volname[0]);
+ grub_size_t len = data->sblock.volname[0];
+ if (len > sizeof (data->sblock.volname) - 1)
+ len = sizeof (data->sblock.volname) - 1;
*label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1);
if (*label)
macroman_to_utf8 (*label, data->sblock.volname + 1,
struct grub_hfsplus_catkey *catkey_a = &keya->catkey;
struct grub_hfsplus_catkey_internal *catkey_b = &keyb->catkey;
int diff;
+ grub_size_t len;
/* Safe unsigned comparison */
grub_uint32_t aparent = grub_be_to_cpu32 (catkey_a->parent);
if (aparent < catkey_b->parent)
return -1;
+ len = grub_be_to_cpu16 (catkey_a->namelen);
+ if (len > catkey_b->namelen)
+ len = catkey_b->namelen;
diff = grub_memcmp (catkey_a->name, catkey_b->name,
- grub_min (grub_be_to_cpu16 (catkey_a->namelen),
- catkey_b->namelen)
- * sizeof (catkey_a->name[0]));
+ len * sizeof (catkey_a->name[0]));
if (diff == 0)
diff = grub_be_to_cpu16 (catkey_a->namelen) - catkey_b->namelen;
#define ZPOOL_PROP_BOOTFS "bootfs"
-#define MIN(a,b) (((a) < (b)) ? (a) : (b))
-
/*
* For nvlist manipulation. (from nvpair.h)
*/
/* XXX */
static int
zap_leaf_array_equal (zap_leaf_phys_t * l, grub_zfs_endian_t endian,
- int blksft, int chunk, int array_len, const char *buf,
- int case_insensitive)
+ int blksft, int chunk, grub_size_t array_len,
+ const char *buf, int case_insensitive)
{
- int bseen = 0;
+ grub_size_t bseen = 0;
while (bseen < array_len)
{
struct zap_leaf_array *la = &ZAP_LEAF_CHUNK (l, blksft, chunk)->l_array;
- int toread = MIN (array_len - bseen, ZAP_LEAF_ARRAY_BYTES);
+ grub_size_t toread = array_len - bseen;
+
+ if (toread > ZAP_LEAF_ARRAY_BYTES)
+ toread = ZAP_LEAF_ARRAY_BYTES;
if (chunk >= ZAP_LEAF_NUMCHUNKS (blksft))
- return (0);
+ return 0;
if (name_cmp ((char *) la->la_array, buf + bseen, toread,
case_insensitive) != 0)
/* XXX */
static grub_err_t
zap_leaf_array_get (zap_leaf_phys_t * l, grub_zfs_endian_t endian, int blksft,
- int chunk, int array_len, char *buf)
+ int chunk, grub_size_t array_len, char *buf)
{
- int bseen = 0;
+ grub_size_t bseen = 0;
while (bseen < array_len)
{
struct zap_leaf_array *la = &ZAP_LEAF_CHUNK (l, blksft, chunk)->l_array;
- int toread = MIN (array_len - bseen, ZAP_LEAF_ARRAY_BYTES);
+ grub_size_t toread = array_len - bseen;
+
+ if (toread > ZAP_LEAF_ARRAY_BYTES)
+ toread = ZAP_LEAF_ARRAY_BYTES;
if (chunk >= ZAP_LEAF_NUMCHUNKS (blksft))
/* Don't use grub_error because this error is to be ignored. */
if (err)
return err;
- movesize = MIN (sym_sz - block * blksz, blksz);
+ movesize = sym_sz - block * blksz;
+ if (movesize > blksz)
+ movesize = blksz;
grub_memcpy (sym_value + block * blksz, t, movesize);
grub_free (t);
while (len != 0 && lzopio->block.usize != 0)
{
- long to_copy;
+ grub_size_t to_copy;
/* Block not decompressed yet. */
if (!lzopio->block.udata && uncompress_block (lzopio) < 0)
goto CORRUPTED;
/* Copy requested data into buffer. */
- to_copy = grub_min (lzopio->block.usize - off, len);
+ to_copy = lzopio->block.usize - off;
+ if (to_copy > len)
+ to_copy = len;
grub_memcpy (buf, lzopio->block.udata + off, to_copy);
len -= to_copy;
while (len > 0)
{
- xzio->buf.out_size = grub_min (file->offset + ret + len - current_offset,
- XZBUFSIZ);
-
+ xzio->buf.out_size = file->offset + ret + len - current_offset;
+ if (xzio->buf.out_size > XZBUFSIZ)
+ xzio->buf.out_size = XZBUFSIZ;
/* Feed input. */
if (xzio->buf.in_pos == xzio->buf.in_size)
{
return grub_error (GRUB_ERR_BAD_ARGUMENT, "bad break");
is_continue = grub_strcmp (cmd->name, "break") ? 1 : 0;
- active_breaks = grub_min (active_loops, count);
+ active_breaks = count;
+ if (active_breaks > active_loops)
+ active_breaks = active_loops;
return GRUB_ERR_NONE;
}
if (lexer->recordpos + len + 1 > lexer->recordlen)
{
old = lexer->recording;
- lexer->recordlen = grub_max (len, lexer->recordlen) * 2;
+ if (lexer->recordlen < len)
+ lexer->recordlen = len;
+ lexer->recordlen *= 2;
lexer->recording = grub_realloc (lexer->recording, lexer->recordlen);
if (!lexer->recording)
{
static void copy_string (struct grub_parser_param *parser, const char *str, unsigned hint)
{
- int size;
+ grub_size_t size;
char *ptr;
unsigned len;
len = hint ? hint : grub_strlen (str);
if (parser->lexerstate->used + len >= parser->lexerstate->size)
{
- size = grub_max (len, parser->lexerstate->size) * 2;
+ size = len * 2;
+ if (size < parser->lexerstate->size * 2)
+ size = parser->lexerstate->size * 2;
ptr = grub_realloc (parser->lexerstate->text, size);
if (!ptr)
{
return (unsigned int) x;
}
-static inline long
-grub_min (long x, long y)
-{
- if (x < y)
- return x;
- else
- return y;
-}
-
-static inline long
-grub_max (long x, long y)
-{
- if (x > y)
- return x;
- else
- return y;
-}
-
/* Rounded-up division */
static inline unsigned int
grub_div_roundup (unsigned int x, unsigned int y)
projects / thirdparty / grub.git / commitdiff
