mirror of
https://src.fedoraproject.org/rpms/grub2.git
synced 2024-11-24 06:22:43 +00:00
c06457c638
Resolves: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 Resolves: CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
30 lines
1.2 KiB
Diff
30 lines
1.2 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Axtens <dja@axtens.net>
|
|
Date: Mon, 28 Jun 2021 14:16:58 +1000
|
|
Subject: [PATCH] video/readers/jpeg: Do not reallocate a given huff table
|
|
|
|
Fix a memory leak where an invalid file could cause us to reallocate
|
|
memory for a huffman table we had already allocated memory for.
|
|
|
|
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
(cherry picked from commit bc06e12b4de55cc6f926af9f064170c82b1403e9)
|
|
(cherry picked from commit 5298bf758ea39a90537f9a1c76541ff2f21b970b)
|
|
---
|
|
grub-core/video/readers/jpeg.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
|
|
index 10225abd53..caa211f06d 100644
|
|
--- a/grub-core/video/readers/jpeg.c
|
|
+++ b/grub-core/video/readers/jpeg.c
|
|
@@ -245,6 +245,9 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data)
|
|
n += count[i];
|
|
|
|
id += ac * 2;
|
|
+ if (data->huff_value[id] != NULL)
|
|
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
|
|
+ "jpeg: attempt to reallocate huffman table");
|
|
data->huff_value[id] = grub_malloc (n);
|
|
if (grub_errno)
|
|
return grub_errno;
|