From 3334a5e6c86f10e715cca3bf66ce0fc2f164b61b Mon Sep 17 00:00:00 2001
|
From: Daniel Axtens <dja@axtens.net>
|
Date: Wed, 13 Jan 2021 20:59:09 +1100
|
Subject: [PATCH] io/gzio: Bail if gzio->tl/td is NULL
|
|
This is an ugly fix that doesn't address why gzio->tl comes to be NULL.
|
However, it seems to be sufficient to patch up a bunch of NULL derefs.
|
|
It would be good to revisit this in future and see if we can have
|
a cleaner solution that addresses some of the causes of the unexpected
|
NULL pointers.
|
|
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
---
|
grub-core/io/gzio.c | 20 ++++++++++++++++++++
|
1 file changed, 20 insertions(+)
|
|
diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
|
index 43d98a7..4a8eaea 100644
|
--- a/grub-core/io/gzio.c
|
+++ b/grub-core/io/gzio.c
|
@@ -669,6 +669,13 @@ inflate_codes_in_window (grub_gzio_t gzio)
|
{
|
if (! gzio->code_state)
|
{
|
+
|
+ if (gzio->tl == NULL)
|
+ {
|
+ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
|
+ return 1;
|
+ }
|
+
|
NEEDBITS ((unsigned) gzio->bl);
|
if ((e = (t = gzio->tl + ((unsigned) b & ml))->e) > 16)
|
do
|
@@ -707,6 +714,12 @@ inflate_codes_in_window (grub_gzio_t gzio)
|
n = t->v.n + ((unsigned) b & mask_bits[e]);
|
DUMPBITS (e);
|
|
+ if (gzio->td == NULL)
|
+ {
|
+ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->td");
|
+ return 1;
|
+ }
|
+
|
/* decode distance of block to copy */
|
NEEDBITS ((unsigned) gzio->bd);
|
if ((e = (t = gzio->td + ((unsigned) b & md))->e) > 16)
|
@@ -917,6 +930,13 @@ init_dynamic_block (grub_gzio_t gzio)
|
n = nl + nd;
|
m = mask_bits[gzio->bl];
|
i = l = 0;
|
+
|
+ if (gzio->tl == NULL)
|
+ {
|
+ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
|
+ return;
|
+ }
|
+
|
while ((unsigned) i < n)
|
{
|
NEEDBITS ((unsigned) gzio->bl);
|
--
|
2.14.2
|
