fs: Prevent overflows when allocating memory for arrays
author Lidong Chen <lidong.chen@oracle.com>
Tue, 21 Jan 2025 19:02:37 +0000 (19:02 +0000)
committer Felix Zielcke <fzielcke@z-51.de>
Thu, 3 Jul 2025 16:35:51 +0000 (18:35 +0200)
commit 93ca65a0f8211c3a292dae29ffede31fc95e9ed9
tree e88daddbb0e86d274c7005d0ad7540a6fcdcac1f
parent 674f3c8b1571c0a3d85ac51685b3d4487e4ed83a
fs: Prevent overflows when allocating memory for arrays

Use grub_calloc() when allocating memory for arrays to ensure proper
overflow checks are in place.

The HFS+ and squash4 security vulnerabilities were reported by
Jonathan Bar Or <jonathanbaror@gmail.com>.

Fixes: CVE-2025-0678
Fixes: CVE-2025-1125
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name fs-Prevent-overflows-when-allocating-memory-for-arrays.patch
grub-core/fs/btrfs.c
grub-core/fs/hfspluscomp.c
grub-core/fs/squash4.c
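
The commit message's point about calloc-style allocation, as an added example that is not code from this commit or from GRUB: it contrasts a byte count computed by plain multiplication with an allocator that checks the product first. The names `struct entry`, `unchecked_bytes` and `alloc_array32` are hypothetical, the element count is a constructed value, and the size type is modelled as 32 bits so the wrap-around is the same on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed record type standing in for an on-disk table entry. */
struct entry { uint32_t offset; uint32_t length; };

/* Unchecked pattern: the byte count is computed in a 32-bit size type
   and wraps silently when count * elem_size exceeds 2^32 - 1. */
static uint32_t unchecked_bytes(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;   /* result is taken modulo 2^32 */
}

/* calloc-style pattern: refuse the request when count * elem_size does
   not fit in the size type, instead of returning a short buffer. */
static void *alloc_array32(uint32_t count, uint32_t elem_size)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return NULL;
    return calloc(count, elem_size);
}

int main(void)
{
    uint32_t count = 0x20000001u;   /* constructed, as if read from image metadata */
    uint32_t esz = (uint32_t) sizeof(struct entry);

    /* The wrapped size is far smaller than count entries need. */
    printf("unchecked: %u entries -> %u bytes requested\n",
           (unsigned) count, (unsigned) unchecked_bytes(count, esz));

    void *p = alloc_array32(count, esz);
    printf("checked:   %s\n", p ? "allocated" : "rejected (overflow)");
    free(p);

    /* A sane count still allocates normally. */
    p = alloc_array32(4, esz);
    printf("checked:   4 entries -> %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the unchecked form the caller receives a buffer sized from the wrapped product while later loops still iterate over the full count; the checked form turns that case into an allocation failure the caller must handle.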