stub: mem fixes in devicetree addon handling (#33624)

* stub: mem fixes in devicetree addon handling

Two bugs here: The elements are of size `DevicetreeAddon`, not `size_t`,
and `[]` binds stronger than `*`. This means the first element is ok,
but the second corrupts the stack.

Found this while refactoring #32463

diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index 57f441c84bb043255b61793fd9cd18fa715d5eeb..d48cbf2861baf5dfaa32809856349fb2ba40d478 100644 (file)
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -463,10 +463,10 @@ static EFI_STATUS load_addons(
 
                 if (devicetree_addons && PE_SECTION_VECTOR_IS_SET(sections + UNIFIED_SECTION_DTB)) {
                         *devicetree_addons = xrealloc(*devicetree_addons,
-                                                      *n_devicetree_addons * sizeof(size_t),
-                                                      (*n_devicetree_addons + 1)  * sizeof(size_t));
+                                                      *n_devicetree_addons * sizeof(DevicetreeAddon),
+                                                      (*n_devicetree_addons + 1) * sizeof(DevicetreeAddon));
 
-                        *devicetree_addons[(*n_devicetree_addons)++] = (DevicetreeAddon) {
+                        (*devicetree_addons)[(*n_devicetree_addons)++] = (DevicetreeAddon) {
                                 .blob = {
                                         .iov_base = xmemdup((const uint8_t*) loaded_addon->ImageBase + sections[UNIFIED_SECTION_DTB].memory_offset, sections[UNIFIED_SECTION_DTB].size),
                                         .iov_len = sections[UNIFIED_SECTION_DTB].size,