fs: Prevent overflows when allocating memory for arrays
author Lidong Chen <lidong.chen@oracle.com>
Tue, 21 Jan 2025 19:02:37 +0000 (19:02 +0000)
committer Felix Zielcke <fzielcke@z-51.de>
Wed, 11 Jun 2025 15:42:34 +0000 (17:42 +0200)
commit d1bb53f439bc15e4518932eb4158936d3a9d8b7b
tree c850e9b29138071b38e6636ecf0eebc79f691994
parent efa3052d9d6069f89d007987292a73b77d708be6
fs: Prevent overflows when allocating memory for arrays

Use grub_calloc() when allocating memory for arrays to ensure proper
overflow checks are in place.

The HFS+ and squash4 security vulnerabilities were reported by
Jonathan Bar Or <jonathanbaror@gmail.com>.

Fixes: CVE-2025-0678
Fixes: CVE-2025-1125
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name fs-Prevent-overflows-when-allocating-memory-for-arrays.patch
grub-core/fs/btrfs.c
grub-core/fs/hfspluscomp.c
grub-core/fs/squash4.c
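
The bug class named in the commit message, as an added example that is not code from this commit or from GRUB: an element count taken from filesystem metadata is multiplied by an element size, the product wraps, and the buffer ends up far smaller than the count implies. `struct entry`, `unchecked_bytes()`, `checked_array_alloc()` and `hostile_count()` are hypothetical names; the checked allocator is a stand-in for a calloc-style allocator that rejects an overflowing product, not a copy of grub_calloc().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical on-disk record; stands in for one filesystem table entry. */
struct entry { uint64_t offset; uint64_t length; };

/* Byte count as the unchecked pattern malloc(count * elem_size) computes it. */
size_t unchecked_bytes(size_t count, size_t elem_size)
{
  return count * elem_size;   /* silently wraps modulo SIZE_MAX + 1 */
}

/* Stand-in for an overflow-checked array allocator (assumption, see lead-in):
   refuse the request when count * elem_size does not fit in size_t. */
void *checked_array_alloc(size_t count, size_t elem_size)
{
  if (elem_size != 0 && count > SIZE_MAX / elem_size)
    return NULL;
  return calloc(count, elem_size);
}

/* Constructed element count, as if read from a crafted image header. */
size_t hostile_count(void)
{
  return SIZE_MAX / sizeof(struct entry) + 2;
}

int main(void)
{
  size_t n = hostile_count();

  /* Unchecked: the request collapses to the size of a single entry, so any
     loop that later fills n entries writes past the end of the buffer. */
  printf("count=%zu unchecked request=%zu bytes\n",
         n, unchecked_bytes(n, sizeof(struct entry)));

  /* Checked: the same count is rejected before any memory is handed out. */
  void *p = checked_array_alloc(n, sizeof(struct entry));
  printf("checked allocation: %s\n", p ? "succeeded" : "refused");
  free(p);
  return 0;
}
```
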