* [PATCH] efi_loader: Fix buffer underflow If the array index 'i' < 128, the 'codepage' array is accessed using [-128...-1] in efi_unicode_collation.c:262. This can lead to a buffer overflow. Negative index in efi_unicode_collation.c:262. The index of the 'codepage' array should be c-0x80 instead of i-0x80.
@ 2022-11-22  7:33 Mikhail Ilin
  2022-11-22 10:38 ` Heinrich Schuchardt
  0 siblings, 1 reply; 2+ messages in thread
From: Mikhail Ilin @ 2022-11-22  7:33 UTC (permalink / raw)
  To: u-boot; +Cc: Mikhail Ilin, Heinrich Schuchardt, Alexander Graf

Fixes: 0bc4b0da7b59 ("efi_loader: EFI_UNICODE_COLLATION_PROTOCOL")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
---
 lib/efi_loader/efi_unicode_collation.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/efi_loader/efi_unicode_collation.c b/lib/efi_loader/efi_unicode_collation.c
index c700be8756..282045b556 100644
--- a/lib/efi_loader/efi_unicode_collation.c
+++ b/lib/efi_loader/efi_unicode_collation.c
@@ -259,7 +259,7 @@ static void EFIAPI efi_fat_to_str(struct efi_unicode_collation_protocol *this,
 	for (i = 0; i < fat_size; ++i) {
 		c = (unsigned char)fat[i];
 		if (c > 0x80)
-			c = codepage[i - 0x80];
+			c = codepage[c - 0x80];
 		string[i] = c;
 		if (!c)
 			break;
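Review bot: the guard `if (c > 0x80)` just above the changed line skips the byte 0x80 itself, so with the new index `c - 0x80` entry 0 of `codepage` is never read and a FAT byte of 0x80 is copied to `string[i]` untranslated. If `codepage` is meant to cover 0x80 through 0xff, the guard should be `if (c >= 0x80)`; if 0x80 is passed through on purpose, a short comment saying so would help. Because `c` comes from `(unsigned char)fat[i]`, the new index is at most 0x7f, so the commit message could also state that `codepage` holds 0x80 entries, which is what makes the fixed lookup in-bounds.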
-- 
2.17.1



* Re: [PATCH] efi_loader: Fix buffer underflow If the array index 'i' < 128, the 'codepage' array is accessed using [-128...-1] in efi_unicode_collation.c:262. This can lead to a buffer overflow. Negative index in efi_unicode_collation.c:262. The index of the 'codepage' array should be c-0x80 instead of i-0x80.
From: Heinrich Schuchardt @ 2022-11-22 10:38 UTC (permalink / raw)
  To: Mikhail Ilin; +Cc: Alexander Graf, u-boot

On 11/22/22 08:33, Mikhail Ilin wrote:
> Fixes: 0bc4b0da7b59 ("efi_loader: EFI_UNICODE_COLLATION_PROTOCOL")

Thank you for reporting the problem.

The commit message should not be in the title.

Otherwise:
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

> Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
> ---
>   lib/efi_loader/efi_unicode_collation.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/efi_loader/efi_unicode_collation.c b/lib/efi_loader/efi_unicode_collation.c
> index c700be8756..282045b556 100644
> --- a/lib/efi_loader/efi_unicode_collation.c
> +++ b/lib/efi_loader/efi_unicode_collation.c
> @@ -259,7 +259,7 @@ static void EFIAPI efi_fat_to_str(struct efi_unicode_collation_protocol *this,
>   	for (i = 0; i < fat_size; ++i) {
>   		c = (unsigned char)fat[i];
>   		if (c > 0x80)
> -			c = codepage[i - 0x80];
> +			c = codepage[c - 0x80];
>   		string[i] = c;
>   		if (!c)
>   			break;
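Review bot: no test accompanies the corrected lookup `c = codepage[c - 0x80];`, and the old `i - 0x80` form is only reached when the input contains a byte above 0x80. A unit test for this conversion with such a byte at a low position (for example as the first character) would pin the fix down: with the old code that case indexed `codepage` at `i - 0x80`, which is negative for every `i` below 0x80, and the result depended on the loop position rather than on the byte being converted.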

