grub2/0089-efi-chainloader-fix-wrong-sanity-check-in-relocate_c.patch
Peter Jones 8c145bcef6 Rebased to newer upstream for fedora-25
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-12-01 17:23:32 -05:00

39 lines
1.4 KiB
Diff

From 54d9b46779dab340984dde1077c4f2b685caf0b1 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 21 Nov 2016 15:34:00 +0100
Subject: [PATCH 89/89] efi/chainloader: fix wrong sanity check in
relocate_coff()
In relocate_coff(), the relocation entries are parsed from the original
image (not the section-wise copied image). The original image is
pointed-to by the "orig" pointer. The current check
(void *)reloc_end < data
compares the addresses of independent memory allocations. "data" is a typo
here, it should be "orig".
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Bogdan Costescu <bcostescu@gmail.com>
Tested-by: Juan Orti <j.orti.alcaine@gmail.com>
---
grub-core/loader/efi/chainloader.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 49a7662..1bd7ffb 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -397,7 +397,7 @@ relocate_coff (pe_coff_loader_image_context_t *context,
reloc_end = (struct grub_pe32_fixup_block *)
((char *)reloc_base + reloc_base->size);
- if ((void *)reloc_end < data || (void *)reloc_end > image_end)
+ if ((void *)reloc_end < orig || (void *)reloc_end > image_end)
{
grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary",
n);
--
2.9.3