[PATCH 1/2] grub-mkimage: Only check aarch64 relocations when built for aarch64

[PATCH 1/2] grub-mkimage: Only check aarch64 relocations when built for aarch64

[Darren Kenny]

Coverity flagged the switch checks for R_AARCH64_* as being logically
dead code, since it could never happen on x86 due to the masking of the
values earlier in the code.

A check for building on __ARM_ARCH (which gcc and clang define) and for
MKIMAGE_ELF64 (which GRUB defines) has been added to avoid this dead
code being built in.

Fixes: CID 158599

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
---
 util/grub-mkimagexx.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
index 9762bc80e40d..9ff31083f746 100644
--- a/util/grub-mkimagexx.c
+++ b/util/grub-mkimagexx.c
@@ -1631,6 +1631,7 @@ translate_relocation_pe (struct translate_context *ctx,
 	}
       break;
     case EM_AARCH64:
+#if defined(MKIMAGE_ELF64) && defined(__ARM_ARCH)
       switch (ELF_R_TYPE (info))
 	{
 	case R_AARCH64_ABS64:
@@ -1666,6 +1667,7 @@ translate_relocation_pe (struct translate_context *ctx,
 			   (unsigned int) ELF_R_TYPE (info));
 	  break;
 	}
+#endif /* defined(MKIMAGE_ELF64) && define(__ARM_ARCH) */
       break;
       break;
 #if defined(MKIMAGE_ELF32)
-- 
2.27.0

[PATCH 2/2] kern: Ensure that parser allocated memory is not leaked

[Darren Kenny]

While it would appear unlikely that the memory allocated in *argv in
grub_parser_split_cmdline() would be leaked, we should try ensure that
it doesn't leak by calling grub_free() before we return from
grub_rescue_parse_line().

To avoid a possible double-free, grub_parser_split_cmdline() is being
changed to assign *argv = NULL when we've called grub_free() in the fail
section.

Fixes: CID 96680

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
---
 grub-core/kern/parser.c        |  2 ++
 grub-core/kern/rescue_parser.c | 10 ++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
index 6ab7aa427cca..9b7b31a5162f 100644
--- a/grub-core/kern/parser.c
+++ b/grub-core/kern/parser.c
@@ -298,6 +298,8 @@ grub_parser_split_cmdline (const char *cmdline,
 
  fail:
   grub_free (*argv);
+  *argv = NULL;
+  *argc = 0;
   goto out;
 }
 
diff --git a/grub-core/kern/rescue_parser.c b/grub-core/kern/rescue_parser.c
index 63383669977a..3520aed40668 100644
--- a/grub-core/kern/rescue_parser.c
+++ b/grub-core/kern/rescue_parser.c
@@ -36,10 +36,16 @@ grub_rescue_parse_line (char *line,
 
   if (grub_parser_split_cmdline (line, getline, getline_data, &n, &args)
       || n < 0)
-    return grub_errno;
+    { 
+      grub_free(args);
+      return grub_errno;
+    }
 
   if (n == 0)
-    return GRUB_ERR_NONE;
+    { 
+      grub_free(args);
+      return GRUB_ERR_NONE;
+    }
 
   /* In case of an assignment set the environment accordingly
      instead of calling a function.  */
-- 
2.27.0

Re: [PATCH 1/2] grub-mkimage: Only check aarch64 relocations when built for aarch64

[Daniel Kiper]

On Wed, Mar 16, 2022 at 05:25:04PM +0000, Darren Kenny wrote:
> Coverity flagged the switch checks for R_AARCH64_* as being logically
> dead code, since it could never happen on x86 due to the masking of the
> values earlier in the code.
>
> A check for building on __ARM_ARCH (which gcc and clang define) and for
> MKIMAGE_ELF64 (which GRUB defines) has been added to avoid this dead
> code being built in.
>
> Fixes: CID 158599
>
> Signed-off-by: Darren Kenny <darren.kenny@oracle.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel

Re: [PATCH 2/2] kern: Ensure that parser allocated memory is not leaked

[Daniel Kiper]

On Wed, Mar 16, 2022 at 05:25:05PM +0000, Darren Kenny wrote:
> While it would appear unlikely that the memory allocated in *argv in
> grub_parser_split_cmdline() would be leaked, we should try ensure that
> it doesn't leak by calling grub_free() before we return from
> grub_rescue_parse_line().
>
> To avoid a possible double-free, grub_parser_split_cmdline() is being
> changed to assign *argv = NULL when we've called grub_free() in the fail
> section.
>
> Fixes: CID 96680
>
> Signed-off-by: Darren Kenny <darren.kenny@oracle.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel