projects / grub2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e9ba6eb) | patch
gettext: Integer overflow leads to heap OOB write or read
authorLidong Chen <lidong.chen@oracle.com>
Fri, 22 Nov 2024 06:27:56 +0000 (06:27 +0000)
committerFelix Zielcke <fzielcke@z-51.de>
Thu, 3 Jul 2025 16:35:51 +0000 (18:35 +0200)
commit214e8ebf433c571ade6fc52f09d853fb9a169e8e
tree3fe7015dcc73dda4b7faa085e8b5590d7f50ce30tree | snapshot
parente9ba6eb58be8056bf86158a5e032177614f24c8fcommit | diff
gettext: Integer overflow leads to heap OOB write or read

Calculation of ctx->grub_gettext_msg_list size in grub_mofile_open() may
overflow leading to subsequent OOB write or read. This patch fixes the
issue by replacing grub_zalloc() and explicit multiplication with
grub_calloc() which does the same thing in safe manner.

Fixes: CVE-2024-45776
Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name gettext-Integer-overflow-leads-to-heap-OOB-write-or-read.patch
grub-core/gettext/gettext.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.