boot: avoid 32-bit calculation for a 64-bit lvalue
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 8 Mar 2019 13:16:40 +0000 (14:16 +0100)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 12 Mar 2019 12:32:45 +0000 (13:32 +0100)
Coverity CID#1399116:
> Potentially overflowing expression
> gpt_header_buffer.gpt_header.SizeOfPartitionEntry * gpt_header_buffer.gpt_header.NumberOfPartitionEntries
> with type unsigned int (32 bits, unsigned) is evaluated using 32-bit
> arithmetic, and then used in a context that expects an expression of type
> UINTN (64 bits, unsigned).

Let's import the ALIGN_TO macro to sd-boot and use it to avoid the issue.

src/boot/efi/boot.c
src/boot/efi/util.h

index ca9ce671d18bbf0fa89e909c3d57d98002ef22ed..7b3e7824546e7304ce467a790ed00ec6e90f5307 100644 (file)
@@ -2080,8 +2080,11 @@ static VOID config_load_xbootldr(
                             h->NumberOfPartitionEntries > 1024)
                                 continue;
 
+                        if (h->SizeOfPartitionEntry > UINTN_MAX / h->NumberOfPartitionEntries) /* overflow check */
+                                continue;
+
                         /* Now load the GPT entry table */
-                        sz = ((h->SizeOfPartitionEntry * h->NumberOfPartitionEntries + 511) / 512) * 512;
+                        sz = ALIGN_TO((UINTN) h->SizeOfPartitionEntry * (UINTN) h->NumberOfPartitionEntries, 512);
                         entries = AllocatePool(sz);
 
                         r = uefi_call_wrapper(block_io->ReadBlocks, 5,
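Review bot: The new overflow check on `h->SizeOfPartitionEntry` bounds only the product, not the round-up that `ALIGN_TO` performs next, so where UINTN is 32 bits a product within 511 of UINTN_MAX passes the check and wraps inside `ALIGN_TO` (src/boot/efi/util.h) to a small or zero `sz`. These header fields are read from disk, so the guard should leave room for the rounding: `if (h->SizeOfPartitionEntry > (UINTN_MAX - 511) / h->NumberOfPartitionEntries)`. The division relies on `NumberOfPartitionEntries` being non-zero, which is presumably rejected by the condition that starts above the hunk (only its `> 1024` tail is visible here). No NULL check appears between `entries = AllocatePool(sz);` and the `ReadBlocks` call, whose argument list continues past the end of the hunk.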
index 8c5e35ad2513d28003a227b31f48701059c30d79..cef127f4005abac308da1464663ed4f979d3f37f 100644 (file)
@@ -7,6 +7,10 @@
 #define ELEMENTSOF(x) (sizeof(x)/sizeof((x)[0]))
 #define OFFSETOF(x,y) __builtin_offsetof(x,y)
 
+static inline UINTN ALIGN_TO(UINTN l, UINTN ali) {
+        return ((l + ali - 1) & ~(ali - 1));
+}
+
 static inline const CHAR16 *yes_no(BOOLEAN b) {
         return b ? L"yes" : L"no";
 }
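Review bot: `ALIGN_TO` rounds with a mask, `& ~(ali - 1)`, which is only correct when `ali` is a power of two, and nothing in the helper states or enforces that; the expression it replaces in boot.c, `(x + 511) / 512 * 512`, had no such restriction. The addition `l + ali - 1` can also wrap for `l` near UINTN_MAX, which callers have to rule out themselves. I would document both preconditions above the definition, for example `/* Round l up to a multiple of ali. ali must be a power of two; the caller must ensure l + ali - 1 does not exceed UINTN_MAX. */`.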