diff options
Diffstat (limited to 'meta/recipes-bsp/grub')
37 files changed, 2683 insertions, 4329 deletions
diff --git a/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch b/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch new file mode 100644 index 0000000000..2f15a91f68 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-RISC-V-Restore-the-typcast-to-long.patch @@ -0,0 +1,39 @@ +From e4c41db74b8972285cbdfe614c95c1ffd97d70e1 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 26 Mar 2021 11:59:43 -0700 +Subject: [PATCH] RISC-V: Restore the typcast to 64bit type + +this makes the type promotions clear and explicit +It was already typecasted to long but was accidentally dropped in [1] +which stated to cause failures on riscv32 as reported in [2] + +[1] https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2bf40e9e5be9808b17852e688eead87acff14420 +[2] https://savannah.gnu.org/bugs/index.php?60283 + +Upstream-Status: Submitted +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Cc: Andreas Schwab <schwab@suse.de> +Cc: Daniel Kiper <daniel.kiper@oracle.com> +Cc: Chester Lin <clin@suse.com> +Cc: Nikita Ermakov <arei@altlinux.org> +Cc: Alistair Francis <alistair.francis@wdc.com> +--- + util/grub-mkimagexx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index 00f49ccaa..ac677d03d 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -1242,7 +1242,7 @@ SUFFIX (relocate_addrs) (Elf_Ehdr *e, struct section_metadata *smd, + */ + + sym_addr += addend; +- off = sym_addr - target_section_addr - offset - image_target->vaddr_offset; ++ off = (grub_int64_t)sym_addr - target_section_addr - offset - image_target->vaddr_offset; + + switch (ELF_R_TYPE (info)) + { +-- +2.31.1 + diff --git a/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch b/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch new file mode 100644 index 0000000000..98142a7b60 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch @@ -0,0 +1,48 @@ +From eb486898dac8cbc29b2cc39f911b657c3417ae34 Mon Sep 17 00:00:00 2001 +From: Fangrui Song via Grub-devel <grub-devel@gnu.org> +Date: Thu, 26 Aug 2021 09:02:31 -0700 +Subject: [PATCH 1/2] configure: Remove obsoleted -malign-{jumps, loops, + functions} +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The GCC warns "cc1: warning: ‘-malign-loops’ is obsolete, use ‘-falign-loops’". +The Clang silently ignores -malign-{jumps,loops,functions}. + +The preferred -falign-* forms have been supported since GCC 3.2. So, just +remove -malign-{jumps,loops,functions}. + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=eb486898dac8cbc29b2cc39f911b657c3417ae34] +Signed-off-by: Fangrui Song <maskray@google.com> +Acked-by: Paul Menzel <pmenzel@molgen.mpg.de> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> +--- + configure.ac | 9 --------- + 1 file changed, 9 deletions(-) + +diff --git a/configure.ac b/configure.ac +index bee28dbeb..9a12151bd 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -805,17 +805,8 @@ if test "x$target_cpu" = xi386; then + [grub_cv_cc_falign_loop=no]) + ]) + +- AC_CACHE_CHECK([whether -malign-loops works], [grub_cv_cc_malign_loop], [ +- CFLAGS="$TARGET_CFLAGS -malign-loops=1 -Werror" +- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], +- [grub_cv_cc_malign_loop=yes], +- [grub_cv_cc_malign_loop=no]) +- ]) +- + if test "x$grub_cv_cc_falign_loop" = xyes; then + TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -falign-loops=1 -falign-functions=1" +- elif test "x$grub_cv_cc_malign_loop" = xyes; then +- TARGET_CFLAGS="$TARGET_CFLAGS -malign-jumps=1 -malign-loops=1 -malign-functions=1" + fi + fi + +-- +2.37.3 + diff --git a/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch b/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch new file mode 100644 index 0000000000..c575a31161 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch @@ -0,0 +1,47 @@ +From f1217c803cec90813eb834dde7829f4961b2a2e4 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 17 Feb 2022 15:07:02 -0800 +Subject: [PATCH] configure.ac: Use _zicsr_zifencei extentions on riscv + +From version 2.38, binutils defaults to ISA spec version 20191213. This +means that the csr read/write (csrr*/csrw*) instructions and fence.i +instruction has separated from the `I` extension, become two standalone +extensions: Zicsr and Zifencei. + +The fix is to specify those extensions explicitely in -march. Since we +are now using binutils 2.38+ in OE this is ok, a more upstreamable fix for +grub will be to detect these extentions, however thats not easy to +implement + +Upstream-Status: Inappropriate [OE specific] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + configure.ac | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index c7fc55a..072f2c9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -849,14 +849,14 @@ if test x"$platform" != xemu ; then + [grub_cv_target_cc_soft_float="-mgeneral-regs-only"], []) + fi + if test "x$target_cpu" = xriscv32; then +- CFLAGS="$TARGET_CFLAGS -march=rv32imac -mabi=ilp32 -Werror" ++ CFLAGS="$TARGET_CFLAGS -march=rv32imac_zicsr_zifencei -mabi=ilp32 -Werror" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], +- [grub_cv_target_cc_soft_float="-march=rv32imac -mabi=ilp32"], []) ++ [grub_cv_target_cc_soft_float="-march=rv32imac_zicsr_zifencei -mabi=ilp32"], []) + fi + if test "x$target_cpu" = xriscv64; then +- CFLAGS="$TARGET_CFLAGS -march=rv64imac -mabi=lp64 -Werror" ++ CFLAGS="$TARGET_CFLAGS -march=rv64imac_zicsr_zifencei -mabi=lp64 -Werror" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], +- [grub_cv_target_cc_soft_float="-march=rv64imac -mabi=lp64"], []) ++ [grub_cv_target_cc_soft_float="-march=rv64imac_zicsr_zifencei -mabi=lp64"], []) + fi + if test "x$target_cpu" = xia64; then + CFLAGS="$TARGET_CFLAGS -mno-inline-float-divide -mno-inline-sqrt -Werror" +-- +2.35.1 + diff --git a/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch new file mode 100644 index 0000000000..efa00a3c6c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch @@ -0,0 +1,115 @@ +From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001 +From: Zhang Boyang <zhangboyang.id@gmail.com> +Date: Fri, 5 Aug 2022 00:51:20 +0800 +Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal() + +The length of memory allocation and file read may overflow. This patch +fixes the problem by using safemath macros. + +There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe +if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). +It is safe replacement for such code. It has safemath-like prototype. + +This patch also introduces grub_cast(value, pointer), it casts value to +typeof(*pointer) then store the value to *pointer. It returns true when +overflow occurs or false if there is no overflow. The semantics of arguments +and return value are designed to be consistent with other safemath macros. + +Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> + +--- + grub-core/font/font.c | 17 +++++++++++++---- + include/grub/bitmap.h | 18 ++++++++++++++++++ + include/grub/safemath.h | 2 ++ + 3 files changed, 33 insertions(+), 4 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index d09bb38..876b5b6 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + grub_int16_t xoff; + grub_int16_t yoff; + grub_int16_t dwidth; +- int len; ++ grub_ssize_t len; ++ grub_size_t sz; + + if (index_entry->glyph) + /* Return cached glyph. */ +@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + return 0; + } + +- len = (width * height + 7) / 8; +- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len); +- if (!glyph) ++ /* Calculate real struct size of current glyph. */ ++ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) || ++ grub_add (sizeof (struct grub_font_glyph), len, &sz)) ++ { ++ remove_font (font); ++ return 0; ++ } ++ ++ /* Allocate and initialize the glyph struct. */ ++ glyph = grub_malloc (sz); ++ if (glyph == NULL) + { + remove_font (font); + return 0; +diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h +index 5728f8c..0d9603f 100644 +--- a/include/grub/bitmap.h ++++ b/include/grub/bitmap.h +@@ -23,6 +23,7 @@ + #include <grub/symbol.h> + #include <grub/types.h> + #include <grub/video.h> ++#include <grub/safemath.h> + + struct grub_video_bitmap + { +@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap) + return bitmap->mode_info.height; + } + ++/* ++ * Calculate and store the size of data buffer of 1bit bitmap in result. ++ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs. ++ * Return true when overflow occurs or false if there is no overflow. ++ * This function is intentionally implemented as a macro instead of ++ * an inline function. Although a bit awkward, it preserves data types for ++ * safemath macros and reduces macro side effects as much as possible. ++ * ++ * XXX: Will report false overflow if width * height > UINT64_MAX. ++ */ ++#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \ ++({ \ ++ grub_uint64_t _bitmap_pixels; \ ++ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \ ++ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \ ++}) ++ + void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap, + struct grub_video_mode_info *mode_info); + +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +index c17b89b..bb0f826 100644 +--- a/include/grub/safemath.h ++++ b/include/grub/safemath.h +@@ -30,6 +30,8 @@ + #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) + #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) + ++#define grub_cast(a, res) grub_add ((a), 0, (res)) ++ + #else + #error gcc 5.1 or newer or clang 3.8 or newer is required + #endif diff --git a/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch b/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch new file mode 100644 index 0000000000..437e5b29b2 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch @@ -0,0 +1,59 @@ +From e372dcb0d4541ee9b9682cde088ec87a7b238ca2 Mon Sep 17 00:00:00 2001 +From: Fangrui Song via Grub-devel <grub-devel@gnu.org> +Date: Thu, 26 Aug 2021 09:02:32 -0700 +Subject: [PATCH 2/2] configure: Check for -falign-jumps=1 beside + -falign-loops=1 + +The Clang does not support -falign-jumps and only recently gained support +for -falign-loops. The -falign-jumps=1 should be tested beside +-fliang-loops=1 to avoid passing unrecognized options to the Clang: + + clang-14: error: optimization flag '-falign-jumps=1' is not supported [-Werror,-Wignored-optimization-argument] + +The -falign-functions=1 is supported by GCC 5.1.0/Clang 3.8.0. So, just +add the option unconditionally. + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e372dcb0d4541ee9b9682cde088ec87a7b238ca2] +Signed-off-by: Fangrui Song <maskray@google.com> +Acked-by: Paul Menzel <pmenzel@molgen.mpg.de> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> +--- + configure.ac | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 9a12151bd..eeb5d2211 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -798,6 +798,8 @@ fi + + # Force no alignment to save space on i386. + if test "x$target_cpu" = xi386; then ++ TARGET_CFLAGS="$TARGET_CFLAGS -falign-functions=1" ++ + AC_CACHE_CHECK([whether -falign-loops works], [grub_cv_cc_falign_loop], [ + CFLAGS="$TARGET_CFLAGS -falign-loops=1 -Werror" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], +@@ -806,7 +808,18 @@ if test "x$target_cpu" = xi386; then + ]) + + if test "x$grub_cv_cc_falign_loop" = xyes; then +- TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -falign-loops=1 -falign-functions=1" ++ TARGET_CFLAGS="$TARGET_CFLAGS -falign-loops=1" ++ fi ++ ++ AC_CACHE_CHECK([whether -falign-jumps works], [grub_cv_cc_falign_jumps], [ ++ CFLAGS="$TARGET_CFLAGS -falign-jumps=1 -Werror" ++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], ++ [grub_cv_cc_falign_jumps=yes], ++ [grub_cv_cc_falign_jumps=no]) ++ ]) ++ ++ if test "x$grub_cv_cc_falign_jumps" = xyes; then ++ TARGET_CFLAGS="$TARGET_CFLAGS -falign-jumps=1" + fi + fi + +-- +2.37.3 + diff --git a/meta/recipes-bsp/grub/files/CVE-2020-10713.patch b/meta/recipes-bsp/grub/files/CVE-2020-10713.patch deleted file mode 100644 index c507ed3ea8..0000000000 --- a/meta/recipes-bsp/grub/files/CVE-2020-10713.patch +++ /dev/null @@ -1,73 +0,0 @@ -From a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Wed, 15 Apr 2020 15:45:02 -0400 -Subject: yylex: Make lexer fatal errors actually be fatal - -When presented with a command that can't be tokenized to anything -smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), -expecting that will stop further processing, as such: - - #define YY_DO_BEFORE_ACTION \ - yyg->yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yyg->yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - if ( yyleng >= YYLMAX ) \ - YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ - yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ - yyg->yy_c_buf_p = yy_cp; - -The code flex generates expects that YY_FATAL_ERROR() will either return -for it or do some form of longjmp(), or handle the error in some way at -least, and so the strncpy() call isn't in an "else" clause, and thus if -YY_FATAL_ERROR() is *not* actually fatal, it does the call with the -questionable limit, and predictable results ensue. - -Unfortunately, our implementation of YY_FATAL_ERROR() is: - - #define YY_FATAL_ERROR(msg) \ - do { \ - grub_printf (_("fatal error: %s\n"), _(msg)); \ - } while (0) - -The same pattern exists in yyless(), and similar problems exist in users -of YY_INPUT(), several places in the main parsing loop, -yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, -yy_scan_buffer(), etc. - -All of these callers expect YY_FATAL_ERROR() to actually be fatal, and -the things they do if it returns after calling it are wildly unsafe. - -Fixes: CVE-2020-10713 - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e] -CVE: CVE-2020-10713 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - grub-core/script/yylex.l | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l -index 7b44c37b7..b7203c823 100644 ---- a/grub-core/script/yylex.l -+++ b/grub-core/script/yylex.l -@@ -37,11 +37,11 @@ - - /* - * As we don't have access to yyscanner, we cannot do much except to -- * print the fatal error. -+ * print the fatal error and exit. - */ - #define YY_FATAL_ERROR(msg) \ - do { \ -- grub_printf (_("fatal error: %s\n"), _(msg)); \ -+ grub_fatal (_("fatal error: %s\n"), _(msg));\ - } while (0) - - #define COPY(str, hint) \ --- -cgit v1.2.1 - diff --git a/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch deleted file mode 100644 index 637e368cb0..0000000000 --- a/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch +++ /dev/null @@ -1,1863 +0,0 @@ -From bcdd6a55952222ec9829a59348240a4f983b0b56 Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Mon, 15 Jun 2020 12:26:01 -0400 -Subject: [PATCH 4/9] calloc: Use calloc() at most places - -This modifies most of the places we do some form of: - - X = malloc(Y * Z); - -to use calloc(Y, Z) instead. - -Among other issues, this fixes: - - allocation of integer overflow in grub_png_decode_image_header() - reported by Chris Coulson, - - allocation of integer overflow in luks_recover_key() - reported by Chris Coulson, - - allocation of integer overflow in grub_lvm_detect() - reported by Chris Coulson. - -Fixes: CVE-2020-14308 - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2020-14308 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41 - -[YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04] -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/bus/usb/usbhub.c | 8 ++++---- - grub-core/commands/efi/lsefisystab.c | 3 ++- - grub-core/commands/legacycfg.c | 6 +++--- - grub-core/commands/menuentry.c | 2 +- - grub-core/commands/nativedisk.c | 2 +- - grub-core/commands/parttool.c | 12 +++++++++--- - grub-core/commands/regexp.c | 2 +- - grub-core/commands/search_wrap.c | 2 +- - grub-core/disk/diskfilter.c | 4 ++-- - grub-core/disk/ieee1275/ofdisk.c | 2 +- - grub-core/disk/ldm.c | 14 +++++++------- - grub-core/disk/luks.c | 2 +- - grub-core/disk/lvm.c | 12 ++++++------ - grub-core/disk/xen/xendisk.c | 2 +- - grub-core/efiemu/loadcore.c | 2 +- - grub-core/efiemu/mm.c | 6 +++--- - grub-core/font/font.c | 3 +-- - grub-core/fs/affs.c | 6 +++--- - grub-core/fs/btrfs.c | 6 +++--- - grub-core/fs/hfs.c | 2 +- - grub-core/fs/hfsplus.c | 6 +++--- - grub-core/fs/iso9660.c | 2 +- - grub-core/fs/ntfs.c | 4 ++-- - grub-core/fs/sfs.c | 2 +- - grub-core/fs/tar.c | 2 +- - grub-core/fs/udf.c | 4 ++-- - grub-core/fs/zfs/zfs.c | 4 ++-- - grub-core/gfxmenu/gui_string_util.c | 2 +- - grub-core/gfxmenu/widget-box.c | 4 ++-- - grub-core/io/gzio.c | 2 +- - grub-core/kern/efi/efi.c | 6 +++--- - grub-core/kern/emu/hostdisk.c | 2 +- - grub-core/kern/fs.c | 2 +- - grub-core/kern/misc.c | 2 +- - grub-core/kern/parser.c | 2 +- - grub-core/kern/uboot/uboot.c | 2 +- - grub-core/lib/libgcrypt/cipher/ac.c | 8 ++++---- - grub-core/lib/libgcrypt/cipher/primegen.c | 4 ++-- - grub-core/lib/libgcrypt/cipher/pubkey.c | 4 ++-- - grub-core/lib/priority_queue.c | 2 +- - grub-core/lib/reed_solomon.c | 7 +++---- - grub-core/lib/relocator.c | 10 +++++----- - grub-core/lib/zstd/fse_decompress.c | 2 +- - grub-core/loader/arm/linux.c | 2 +- - grub-core/loader/efi/chainloader.c | 2 +- - grub-core/loader/i386/bsdXX.c | 2 +- - grub-core/loader/i386/xnu.c | 4 ++-- - grub-core/loader/macho.c | 2 +- - grub-core/loader/multiboot_elfxx.c | 2 +- - grub-core/loader/xnu.c | 2 +- - grub-core/mmap/mmap.c | 4 ++-- - grub-core/net/bootp.c | 2 +- - grub-core/net/dns.c | 10 +++++----- - grub-core/net/net.c | 4 ++-- - grub-core/normal/charset.c | 10 +++++----- - grub-core/normal/cmdline.c | 14 +++++++------- - grub-core/normal/menu_entry.c | 14 +++++++------- - grub-core/normal/menu_text.c | 4 ++-- - grub-core/normal/term.c | 4 ++-- - grub-core/osdep/linux/getroot.c | 6 +++--- - grub-core/osdep/unix/config.c | 2 +- - grub-core/osdep/windows/getroot.c | 2 +- - grub-core/osdep/windows/hostdisk.c | 4 ++-- - grub-core/osdep/windows/init.c | 2 +- - grub-core/osdep/windows/platform.c | 4 ++-- - grub-core/osdep/windows/relpath.c | 2 +- - grub-core/partmap/gpt.c | 2 +- - grub-core/partmap/msdos.c | 2 +- - grub-core/script/execute.c | 2 +- - grub-core/tests/fake_input.c | 2 +- - grub-core/tests/video_checksum.c | 6 +++--- - grub-core/video/capture.c | 2 +- - grub-core/video/emu/sdl.c | 2 +- - grub-core/video/i386/pc/vga.c | 2 +- - grub-core/video/readers/png.c | 2 +- - include/grub/unicode.h | 4 ++-- - util/getroot.c | 2 +- - util/grub-file.c | 2 +- - util/grub-fstest.c | 4 ++-- - util/grub-install-common.c | 2 +- - util/grub-install.c | 4 ++-- - util/grub-mkimagexx.c | 6 ++---- - util/grub-mkrescue.c | 4 ++-- - util/grub-mkstandalone.c | 2 +- - util/grub-pe2elf.c | 12 +++++------- - util/grub-probe.c | 4 ++-- - 86 files changed, 178 insertions(+), 177 deletions(-) - -diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c -index 34a7ff1..a06cce3 100644 ---- a/grub-core/bus/usb/usbhub.c -+++ b/grub-core/bus/usb/usbhub.c -@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) - grub_usb_set_configuration (dev, 1); - - dev->nports = hubdesc.portcnt; -- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0])); -- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0])); -+ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0])); -+ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0])); - if (!dev->children || !dev->ports) - { - grub_free (dev->children); -@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d - - /* Query the number of ports the root Hub has. */ - hub->nports = controller->dev->hubports (controller); -- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports); -- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports); -+ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0])); -+ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0])); - if (!hub->devices || !hub->ports) - { - grub_free (hub->devices); -diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c -index df10302..cd81507 100644 ---- a/grub-core/commands/efi/lsefisystab.c -+++ b/grub-core/commands/efi/lsefisystab.c -@@ -71,7 +71,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)), - grub_printf ("Vendor: "); - - for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++); -- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1); -+ /* Allocate extra 3 bytes to simplify math. */ -+ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1); - if (!vendor) - return grub_errno; - *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, -diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index db7a8f0..5e3ec0d 100644 ---- a/grub-core/commands/legacycfg.c -+++ b/grub-core/commands/legacycfg.c -@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), - if (argc < 2) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); - -- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1)); -+ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0])); - if (!cutargs) - return grub_errno; - cutargc = argc - 1; -@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), - { - char rbuf[3] = "-r"; - bsdargc = cutargc + 2; -- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc); -+ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0])); - if (!bsdargs) - { - err = grub_errno; -@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"), - "module"); - -- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0])); -+ newargs = grub_calloc (argc + 1, sizeof (newargs[0])); - if (!newargs) - return grub_errno; - grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); -diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index 2c5363d..9164df7 100644 ---- a/grub-core/commands/menuentry.c -+++ b/grub-core/commands/menuentry.c -@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args, - goto fail; - - /* Save argc, args to pass as parameters to block arg later. */ -- menu_args = grub_malloc (sizeof (char*) * (argc + 1)); -+ menu_args = grub_calloc (argc + 1, sizeof (char *)); - if (! menu_args) - goto fail; - -diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c -index 699447d..7c8f97f 100644 ---- a/grub-core/commands/nativedisk.c -+++ b/grub-core/commands/nativedisk.c -@@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)), - else - path_prefix = prefix; - -- mods = grub_malloc (argc * sizeof (mods[0])); -+ mods = grub_calloc (argc, sizeof (mods[0])); - if (!mods) - return grub_errno; - -diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c -index 22b46b1..051e313 100644 ---- a/grub-core/commands/parttool.c -+++ b/grub-core/commands/parttool.c -@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name, - for (nargs = 0; args[nargs].name != 0; nargs++); - cur->nargs = nargs; - cur->args = (struct grub_parttool_argdesc *) -- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc)); -+ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc)); -+ if (!cur->args) -+ { -+ grub_free (cur); -+ curhandle--; -+ return -1; -+ } - grub_memcpy (cur->args, args, - (nargs + 1) * sizeof (struct grub_parttool_argdesc)); - -@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), - return err; - } - -- parsed = (int *) grub_zalloc (argc * sizeof (int)); -+ parsed = (int *) grub_calloc (argc, sizeof (int)); - - for (i = 1; i < argc; i++) - if (! parsed[i]) -@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), - } - ptool = cur; - pargs = (struct grub_parttool_args *) -- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args)); -+ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args)); - for (j = i; j < argc; j++) - if (! parsed[j]) - { -diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c -index f00b184..4019164 100644 ---- a/grub-core/commands/regexp.c -+++ b/grub-core/commands/regexp.c -@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args) - if (ret) - goto fail; - -- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1)); -+ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches)); - if (! matches) - goto fail; - -diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c -index d7fd26b..47fc8eb 100644 ---- a/grub-core/commands/search_wrap.c -+++ b/grub-core/commands/search_wrap.c -@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) - for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++) - nhints++; - -- hints = grub_malloc (sizeof (hints[0]) * nhints); -+ hints = grub_calloc (nhints, sizeof (hints[0])); - if (!hints) - return grub_errno; - j = 0; -diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c -index c3b578a..68ca9e0 100644 ---- a/grub-core/disk/diskfilter.c -+++ b/grub-core/disk/diskfilter.c -@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb, - array->lvs->segments->node_count = nmemb; - array->lvs->segments->raid_member_size = disk_size; - array->lvs->segments->nodes -- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0])); -+ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0])); - array->lvs->segments->stripe_size = stripe_size; - for (i = 0; i < nmemb; i++) - { -@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, - grub_partition_t p; - for (p = disk->partition; p; p = p->parent) - s++; -- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0])); -+ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0])); - s = 0; - for (p = disk->partition; p; p = p->parent) - pv->partmaps[s++] = xstrdup (p->partmap->name); -diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c -index f73257e..03674cb 100644 ---- a/grub-core/disk/ieee1275/ofdisk.c -+++ b/grub-core/disk/ieee1275/ofdisk.c -@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) - /* Power machines documentation specify 672 as maximum SAS disks in - one system. Using a slightly larger value to be safe. */ - table_size = 768; -- table = grub_malloc (table_size * sizeof (grub_uint64_t)); -+ table = grub_calloc (table_size, sizeof (grub_uint64_t)); - - if (!table) - { -diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c -index 2a22d2d..e632370 100644 ---- a/grub-core/disk/ldm.c -+++ b/grub-core/disk/ldm.c -@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk, - lv->segments->type = GRUB_DISKFILTER_MIRROR; - lv->segments->node_count = 0; - lv->segments->node_alloc = 8; -- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes) -- * lv->segments->node_alloc); -+ lv->segments->nodes = grub_calloc (lv->segments->node_alloc, -+ sizeof (*lv->segments->nodes)); - if (!lv->segments->nodes) - goto fail2; - ptr = vblk[i].dynamic; -@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk, - { - comp->segment_alloc = 8; - comp->segment_count = 0; -- comp->segments = grub_malloc (sizeof (*comp->segments) -- * comp->segment_alloc); -+ comp->segments = grub_calloc (comp->segment_alloc, -+ sizeof (*comp->segments)); - if (!comp->segments) - goto fail2; - } -@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk, - } - comp->segments->node_count = read_int (ptr + 1, *ptr); - comp->segments->node_alloc = comp->segments->node_count; -- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes) -- * comp->segments->node_alloc); -+ comp->segments->nodes = grub_calloc (comp->segments->node_alloc, -+ sizeof (*comp->segments->nodes)); - if (!lv->segments->nodes) - goto fail2; - } -@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors, - *nsectors = lv->size; - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c -index 86c50c6..18b3a8b 100644 ---- a/grub-core/disk/luks.c -+++ b/grub-core/disk/luks.c -@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source, - && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) - max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes); - -- split_key = grub_malloc (keysize * max_stripes); -+ split_key = grub_calloc (keysize, max_stripes); - if (!split_key) - return grub_errno; - -diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index dc6b83b..7b5fbbc 100644 ---- a/grub-core/disk/lvm.c -+++ b/grub-core/disk/lvm.c -@@ -209,7 +209,7 @@ grub_lvm_detect (grub_disk_t disk, - first one. */ - - /* Allocate buffer space for the circular worst-case scenario. */ -- metadatabuf = grub_malloc (2 * mda_size); -+ metadatabuf = grub_calloc (2, mda_size); - if (! metadatabuf) - goto fail; - -@@ -464,7 +464,7 @@ grub_lvm_detect (grub_disk_t disk, - #endif - goto lvs_fail; - } -- lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count); -+ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg)); - seg = lv->segments; - - for (i = 0; i < lv->segment_count; i++) -@@ -521,8 +521,8 @@ grub_lvm_detect (grub_disk_t disk, - if (seg->node_count != 1) - seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); - -- seg->nodes = grub_zalloc (sizeof (*stripe) -- * seg->node_count); -+ seg->nodes = grub_calloc (seg->node_count, -+ sizeof (*stripe)); - stripe = seg->nodes; - - p = grub_strstr (p, "stripes = ["); -@@ -898,7 +898,7 @@ grub_lvm_detect (grub_disk_t disk, - break; - if (lv) - { -- cache->lv->segments = grub_malloc (lv->segment_count * sizeof (*lv->segments)); -+ cache->lv->segments = grub_calloc (lv->segment_count, sizeof (*lv->segments)); - if (!cache->lv->segments) - { - grub_lvm_free_cache_lvs (cache_lvs); -@@ -911,7 +911,7 @@ grub_lvm_detect (grub_disk_t disk, - struct grub_diskfilter_node *nodes = lv->segments[i].nodes; - grub_size_t node_count = lv->segments[i].node_count; - -- cache->lv->segments[i].nodes = grub_malloc (node_count * sizeof (*nodes)); -+ cache->lv->segments[i].nodes = grub_calloc (node_count, sizeof (*nodes)); - if (!cache->lv->segments[i].nodes) - { - for (j = 0; j < i; ++j) -diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c -index 48476cb..d6612ee 100644 ---- a/grub-core/disk/xen/xendisk.c -+++ b/grub-core/disk/xen/xendisk.c -@@ -426,7 +426,7 @@ grub_xendisk_init (void) - if (!ctr) - return; - -- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0])); -+ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0])); - if (!virtdisks) - return; - if (grub_xenstore_dir ("device/vbd", fill, &ctr)) -diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c -index 44085ef..2b92462 100644 ---- a/grub-core/efiemu/loadcore.c -+++ b/grub-core/efiemu/loadcore.c -@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e) - - grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize; - grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *) -- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms); -+ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym)); - - /* Relocators */ - for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); -diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c -index 52a032f..9b8e0d0 100644 ---- a/grub-core/efiemu/mm.c -+++ b/grub-core/efiemu/mm.c -@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void) - /* Initialize variables*/ - grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE); - scanline_events = (struct grub_efiemu_mmap_scan *) -- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num); -+ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2); - - /* Number of chunks can't increase more than by factor of 2 */ - result = (grub_efi_memory_descriptor_t *) -- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num); -+ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2); - if (!result || !scanline_events) - { - grub_free (result); -@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void) - - /* Preallocate mmap */ - efiemu_mmap = (grub_efi_memory_descriptor_t *) -- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t)); -+ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t)); - if (!efiemu_mmap) - { - grub_efiemu_unload (); -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 85a2925..8e118b3 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct - font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE; - - /* Allocate the character index array. */ -- font->char_index = grub_malloc (font->num_chars -- * sizeof (struct char_index_entry)); -+ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry)); - if (!font->char_index) - return 1; - font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); -diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c -index 6b6a2bc..220b371 100644 ---- a/grub-core/fs/affs.c -+++ b/grub-core/fs/affs.c -@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node) - return 0; - } - latin1[symlink_size] = 0; -- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1); -+ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size); - if (!utf8) - { - grub_free (latin1); -@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, - return 1; - } - -- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable)); -+ hashtable = grub_calloc (data->htsize, sizeof (*hashtable)); - if (!hashtable) - return 1; - -@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label) - len = file.namelen; - if (len > sizeof (file.name)) - len = sizeof (file.name); -- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); -+ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len); - if (*label) - *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0'; - } -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 48bd3d0..11272ef 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -413,7 +413,7 @@ lower_bound (struct grub_btrfs_data *data, - { - desc->allocated = 16; - desc->depth = 0; -- desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated); -+ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0])); - if (!desc->data) - return grub_errno; - } -@@ -752,7 +752,7 @@ raid56_read_retry (struct grub_btrfs_data *data, - grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY; - grub_uint64_t i, failed_devices; - -- buffers = grub_zalloc (sizeof(*buffers) * nstripes); -+ buffers = grub_calloc (nstripes, sizeof (*buffers)); - if (!buffers) - goto cleanup; - -@@ -2160,7 +2160,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), - *nsectors = 64 * 2 - 1; - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c -index ac0a409..3fe842b 100644 ---- a/grub-core/fs/hfs.c -+++ b/grub-core/fs/hfs.c -@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label) - grub_size_t len = data->sblock.volname[0]; - if (len > sizeof (data->sblock.volname) - 1) - len = sizeof (data->sblock.volname) - 1; -- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1); -+ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len); - if (*label) - macroman_to_utf8 (*label, data->sblock.volname + 1, - len + 1, 0); -diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c -index 54786bb..dae43be 100644 ---- a/grub-core/fs/hfsplus.c -+++ b/grub-core/fs/hfsplus.c -@@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg) - if (! filename) - return 0; - -- keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname)); -+ keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname)); - if (!keyname) - { - grub_free (filename); -@@ -1007,7 +1007,7 @@ grub_hfsplus_label (grub_device_t device, char **label) - grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); - - label_len = grub_be_to_cpu16 (catkey->namelen); -- label_name = grub_malloc (label_len * sizeof (*label_name)); -+ label_name = grub_calloc (label_len, sizeof (*label_name)); - if (!label_name) - { - grub_free (node); -@@ -1029,7 +1029,7 @@ grub_hfsplus_label (grub_device_t device, char **label) - } - } - -- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1); -+ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1); - if (! *label) - { - grub_free (label_name); -diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c -index 49c0c63..4f1b52a 100644 ---- a/grub-core/fs/iso9660.c -+++ b/grub-core/fs/iso9660.c -@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len) - int i; - grub_uint16_t t[MAX_NAMELEN / 2 + 1]; - -- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); -+ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); - if (! p) - return NULL; - -diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c -index fc4e1f6..2f34f76 100644 ---- a/grub-core/fs/ntfs.c -+++ b/grub-core/fs/ntfs.c -@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) - grub_uint16_t *tmp; - grub_size_t i; - -- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); -- tmp = grub_malloc (len * sizeof (tmp[0])); -+ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); -+ tmp = grub_calloc (len, sizeof (tmp[0])); - if (!buf || !tmp) - { - grub_free (buf); -diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c -index 50c1fe7..90f7fb3 100644 ---- a/grub-core/fs/sfs.c -+++ b/grub-core/fs/sfs.c -@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) - node->next_extent = node->block; - node->cache_size = 0; - -- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size); -+ node->cache = grub_calloc (cache_size, sizeof (node->cache[0])); - if (!node->cache) - { - grub_errno = 0; -diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c -index 7d63e0c..c551ed6 100644 ---- a/grub-core/fs/tar.c -+++ b/grub-core/fs/tar.c -@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, - if (data->linkname_alloc < linksize + 1) - { - char *n; -- n = grub_malloc (2 * (linksize + 1)); -+ n = grub_calloc (2, linksize + 1); - if (!n) - return grub_errno; - grub_free (data->linkname); -diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c -index dc8b6e2..a837616 100644 ---- a/grub-core/fs/udf.c -+++ b/grub-core/fs/udf.c -@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) - { - unsigned i; - utf16len = sz - 1; -- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); -+ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); - if (!utf16) - return NULL; - for (i = 0; i < utf16len; i++) -@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) - { - unsigned i; - utf16len = (sz - 1) / 2; -- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); -+ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); - if (!utf16) - return NULL; - for (i = 0; i < utf16len; i++) -diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 2f72e42..381dde5 100644 ---- a/grub-core/fs/zfs/zfs.c -+++ b/grub-core/fs/zfs/zfs.c -@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol, - } - subvol->nkeys = 0; - zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data); -- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0])); -+ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0])); - if (!subvol->keyring) - { - grub_free (fsname); -@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)), - *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS); - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c -index a9a415e..ba1e1ea 100644 ---- a/grub-core/gfxmenu/gui_string_util.c -+++ b/grub-core/gfxmenu/gui_string_util.c -@@ -55,7 +55,7 @@ canonicalize_path (const char *path) - if (*p == '/') - components++; - -- char **path_array = grub_malloc (components * sizeof (*path_array)); -+ char **path_array = grub_calloc (components, sizeof (*path_array)); - if (! path_array) - return 0; - -diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c -index b606028..470597d 100644 ---- a/grub-core/gfxmenu/widget-box.c -+++ b/grub-core/gfxmenu/widget-box.c -@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix, - box->content_height = 0; - box->raw_pixmaps = - (struct grub_video_bitmap **) -- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); -+ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); - box->scaled_pixmaps = - (struct grub_video_bitmap **) -- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); -+ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); - - /* Initialize all pixmap pointers to NULL so that proper destruction can - be performed if an error is encountered partway through construction. */ -diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c -index 6208a97..43d98a7 100644 ---- a/grub-core/io/gzio.c -+++ b/grub-core/io/gzio.c -@@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ - z = 1 << j; /* table entries for j-bit table */ - - /* allocate and link in new table */ -- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft)); -+ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft)); - if (! q) - { - if (h) -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 6e1ceb9..dc31caa 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, - - len = grub_strlen (var); - len16 = len * GRUB_MAX_UTF16_PER_UTF8; -- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); -+ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); - if (!var16) - return grub_errno; - len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); -@@ -237,7 +237,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, - - len = grub_strlen (var); - len16 = len * GRUB_MAX_UTF16_PER_UTF8; -- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); -+ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); - if (!var16) - return NULL; - len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); -@@ -383,7 +383,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) - while (len > 0 && fp->path_name[len - 1] == 0) - len--; - -- dup_name = grub_malloc (len * sizeof (*dup_name)); -+ dup_name = grub_calloc (len, sizeof (*dup_name)); - if (!dup_name) - { - grub_free (name); -diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c -index e9ec680..d975265 100644 ---- a/grub-core/kern/emu/hostdisk.c -+++ b/grub-core/kern/emu/hostdisk.c -@@ -615,7 +615,7 @@ static char * - grub_util_path_concat_real (size_t n, int ext, va_list ap) - { - size_t totlen = 0; -- char **l = xmalloc ((n + ext) * sizeof (l[0])); -+ char **l = xcalloc (n + ext, sizeof (l[0])); - char *r, *p, *pi; - size_t i; - int first = 1; -diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c -index 2b85f49..f90be65 100644 ---- a/grub-core/kern/fs.c -+++ b/grub-core/kern/fs.c -@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name) - while (p); - - /* Allocate a block list. */ -- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1)); -+ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block)); - if (! blocks) - return 0; - -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 3b633d5..a7abd36 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -690,7 +690,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, - args->ptr = args->prealloc; - else - { -- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0])); -+ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0])); - if (!args->ptr) - { - grub_errno = GRUB_ERR_NONE; -diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c -index 78175aa..619db31 100644 ---- a/grub-core/kern/parser.c -+++ b/grub-core/kern/parser.c -@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline, - return grub_errno; - grub_memcpy (args, buffer, bp - buffer); - -- *argv = grub_malloc (sizeof (char *) * (*argc + 1)); -+ *argv = grub_calloc (*argc + 1, sizeof (char *)); - if (!*argv) - { - grub_free (args); -diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c -index be4816f..aac8f9a 100644 ---- a/grub-core/kern/uboot/uboot.c -+++ b/grub-core/kern/uboot/uboot.c -@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void) - return num_devices; - - max_devices = 2; -- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices); -+ enum_devices = grub_calloc (max_devices, sizeof(struct device_info)); - if (!enum_devices) - return 0; - -diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c -index f5e946a..63f6fcd 100644 ---- a/grub-core/lib/libgcrypt/cipher/ac.c -+++ b/grub-core/lib/libgcrypt/cipher/ac.c -@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, - gcry_mpi_t mpi; - char *label; - -- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n); -+ data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new)); - if (! data_mpis_new) - { - err = gcry_error_from_errno (errno); -@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, - } - - /* Add MPI list. */ -- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1)); -+ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list)); - if (! arg_list) - { - err = gcry_error_from_errno (errno); -@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags, - /* We build a list of arguments to pass to - gcry_sexp_build_array(). */ - data_length = _gcry_ac_data_length (data); -- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2)); -+ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2); - if (! arg_list) - { - err = gcry_error_from_errno (errno); -@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, - arg_list_n += 2; - - /* Allocate list. */ -- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n); -+ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list)); - if (! arg_list) - { - err = gcry_error_from_errno (errno); -diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c -index 2788e34..b12e79b 100644 ---- a/grub-core/lib/libgcrypt/cipher/primegen.c -+++ b/grub-core/lib/libgcrypt/cipher/primegen.c -@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor, - } - - /* Allocate an array to track pool usage. */ -- pool_in_use = gcry_malloc (n * sizeof *pool_in_use); -+ pool_in_use = gcry_calloc (n, sizeof *pool_in_use); - if (!pool_in_use) - { - err = gpg_err_code_from_errno (errno); -@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, - if (nbits < 16) - log_fatal ("can't generate a prime with less than %d bits\n", 16); - -- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods ); -+ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods); - /* Make nbits fit into gcry_mpi_t implementation. */ - val_2 = mpi_alloc_set_ui( 2 ); - val_3 = mpi_alloc_set_ui( 3); -diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c -index 9109821..ca087ad 100644 ---- a/grub-core/lib/libgcrypt/cipher/pubkey.c -+++ b/grub-core/lib/libgcrypt/cipher/pubkey.c -@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) - * array to a format string, so we have to do it this way :-(. */ - /* FIXME: There is now such a format specifier, so we can - change the code to be more clear. */ -- arg_list = malloc (nelem * sizeof *arg_list); -+ arg_list = calloc (nelem, sizeof *arg_list); - if (!arg_list) - { - rc = gpg_err_code_from_syserror (); -@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) - } - strcpy (p, "))"); - -- arg_list = malloc (nelem * sizeof *arg_list); -+ arg_list = calloc (nelem, sizeof *arg_list); - if (!arg_list) - { - rc = gpg_err_code_from_syserror (); -diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c -index 659be0b..7d5e7c0 100644 ---- a/grub-core/lib/priority_queue.c -+++ b/grub-core/lib/priority_queue.c -@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize, - { - struct grub_priority_queue *ret; - void *els; -- els = grub_malloc (elsize * 8); -+ els = grub_calloc (8, elsize); - if (!els) - return 0; - ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret)); -diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c -index ee9fa7b..467305b 100644 ---- a/grub-core/lib/reed_solomon.c -+++ b/grub-core/lib/reed_solomon.c -@@ -20,6 +20,7 @@ - #include <stdio.h> - #include <string.h> - #include <stdlib.h> -+#define xcalloc calloc - #define xmalloc malloc - #define grub_memset memset - #define grub_memcpy memcpy -@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs) - gf_single_t *rs_polynomial; - int i, j; - gf_single_t *m; -- m = xmalloc ((s + rs) * sizeof (gf_single_t)); -+ m = xcalloc (s + rs, sizeof (gf_single_t)); - grub_memcpy (m, data, s * sizeof (gf_single_t)); -- grub_memset (m + s, 0, rs * sizeof (gf_single_t)); -- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t)); -- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t)); -+ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t)); - rs_polynomial[rs] = 1; - /* Multiply with X - a^r */ - for (j = 0; j < rs; j++) -diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c -index ea3ebc7..5847aac 100644 ---- a/grub-core/lib/relocator.c -+++ b/grub-core/lib/relocator.c -@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel, - } - #endif - -- eventt = grub_malloc (maxevents * sizeof (events[0])); -+ eventt = grub_calloc (maxevents, sizeof (events[0])); - counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0])); -- events = grub_malloc (maxevents * sizeof (events[0])); -+ events = grub_calloc (maxevents, sizeof (events[0])); - if (!events || !eventt || !counter) - { - grub_dprintf ("relocator", "events or counter allocation failed %d\n", -@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel, - #endif - unsigned cural = 0; - int oom = 0; -- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs); -+ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0])); - if (!res->subchunks) - oom = 1; - res->nsubchunks = nallocs; -@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, - count[(chunk->src & 0xff) + 1]++; - } - } -- from = grub_malloc (nchunks * sizeof (sorted[0])); -- to = grub_malloc (nchunks * sizeof (sorted[0])); -+ from = grub_calloc (nchunks, sizeof (sorted[0])); -+ to = grub_calloc (nchunks, sizeof (sorted[0])); - if (!from || !to) - { - grub_free (from); -diff --git a/grub-core/lib/zstd/fse_decompress.c b/grub-core/lib/zstd/fse_decompress.c -index 72bbead..2227b84 100644 ---- a/grub-core/lib/zstd/fse_decompress.c -+++ b/grub-core/lib/zstd/fse_decompress.c -@@ -82,7 +82,7 @@ - FSE_DTable* FSE_createDTable (unsigned tableLog) - { - if (tableLog > FSE_TABLELOG_ABSOLUTE_MAX) tableLog = FSE_TABLELOG_ABSOLUTE_MAX; -- return (FSE_DTable*)malloc( FSE_DTABLE_SIZE_U32(tableLog) * sizeof (U32) ); -+ return (FSE_DTable*)calloc( FSE_DTABLE_SIZE_U32(tableLog), sizeof (U32) ); - } - - void FSE_freeDTable (FSE_DTable* dt) -diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c -index 5168491..d70c174 100644 ---- a/grub-core/loader/arm/linux.c -+++ b/grub-core/loader/arm/linux.c -@@ -78,7 +78,7 @@ linux_prepare_atag (void *target_atag) - - /* some place for cmdline, initrd and terminator. */ - tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4; -- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t)); -+ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t)); - if (!tmp_atag) - return grub_errno; - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index cd92ea3..daf8c6b 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -116,7 +116,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, - fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; - fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; - -- path_name = grub_malloc (len * GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); -+ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); - if (!path_name) - return; - -diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c -index af6741d..a8d8bf7 100644 ---- a/grub-core/loader/i386/bsdXX.c -+++ b/grub-core/loader/i386/bsdXX.c -@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr) - if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS)) - return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic")); - -- *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize); -+ *shdr = grub_calloc (e->e_shnum, e->e_shentsize); - if (! *shdr) - return grub_errno; - -diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c -index e64ed08..b7d176b 100644 ---- a/grub-core/loader/i386/xnu.c -+++ b/grub-core/loader/i386/xnu.c -@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d - return grub_errno; - - len = grub_strlen (name); -- utf16 = grub_malloc (sizeof (grub_uint16_t) * len); -+ utf16 = grub_calloc (len, sizeof (grub_uint16_t)); - if (!utf16) - { - grub_free (utf8); -@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor * - grub_uint16_t *utf16; - grub_err_t err; - -- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen); -+ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t)); - if (!utf16) - return grub_errno; - grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen); -diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c -index 085f9c6..05710c4 100644 ---- a/grub-core/loader/macho.c -+++ b/grub-core/loader/macho.c -@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit) - if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header)) - == (grub_off_t) -1) - goto fail; -- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); -+ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); - if (!archs) - goto fail; - if (grub_file_read (macho->file, archs, -diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c -index 70cd1db..cc68536 100644 ---- a/grub-core/loader/multiboot_elfxx.c -+++ b/grub-core/loader/multiboot_elfxx.c -@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) - { - grub_uint8_t *shdr, *shdrptr; - -- shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize); -+ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize); - if (!shdr) - return grub_errno; - -diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 7f74d1d..77d7060 100644 ---- a/grub-core/loader/xnu.c -+++ b/grub-core/loader/xnu.c -@@ -800,7 +800,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)), - if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC) - { - narchs = grub_be_to_cpu32 (head.nfat_arch); -- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); -+ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); - if (! archs) - { - grub_file_close (file); -diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c -index 6a31cba..57b4e9a 100644 ---- a/grub-core/mmap/mmap.c -+++ b/grub-core/mmap/mmap.c -@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) - - /* Initialize variables. */ - ctx.scanline_events = (struct grub_mmap_scan *) -- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num); -+ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2); - -- present = grub_zalloc (sizeof (present[0]) * current_priority); -+ present = grub_calloc (current_priority, sizeof (present[0])); - - if (! ctx.scanline_events || !present) - { -diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 04cfbb0..6539572 100644 ---- a/grub-core/net/bootp.c -+++ b/grub-core/net/bootp.c -@@ -766,7 +766,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), - if (ncards == 0) - return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found")); - -- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); -+ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); - if (!ifaces) - return grub_errno; - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 5d9afe0..e332d5e 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - ptr++; - ptr += 4; - } -- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) -- * grub_be_to_cpu16 (head->ancount)); -+ *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount), -+ sizeof ((*data->addresses)[0])); - if (!*data->addresses) - { - grub_errno = GRUB_ERR_NONE; -@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), - dns_cache[h].addresses = 0; - dns_cache[h].name = grub_strdup (data->oname); - dns_cache[h].naddresses = *data->naddresses; -- dns_cache[h].addresses = grub_malloc (*data->naddresses -- * sizeof (dns_cache[h].addresses[0])); -+ dns_cache[h].addresses = grub_calloc (*data->naddresses, -+ sizeof (dns_cache[h].addresses[0])); - dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all; - if (!dns_cache[h].addresses || !dns_cache[h].name) - { -@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name, - } - } - -- sockets = grub_malloc (sizeof (sockets[0]) * n_servers); -+ sockets = grub_calloc (n_servers, sizeof (sockets[0])); - if (!sockets) - return grub_errno; - -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index d5d726a..38f19df 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)), - ncards++; - } - -- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); -- slaacs = grub_zalloc (ncards * sizeof (slaacs[0])); -+ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); -+ slaacs = grub_calloc (ncards, sizeof (slaacs[0])); - if (!ifaces || !slaacs) - { - grub_free (ifaces); -diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index b0ab47d..d57fb72 100644 ---- a/grub-core/normal/charset.c -+++ b/grub-core/normal/charset.c -@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg, - { - grub_size_t msg_len = grub_strlen (msg); - -- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); -+ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); - - if (!*unicode_msg) - return -1; -@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, - } - else - { -- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1)); -+ n = grub_calloc (out->ncomb + 1, sizeof (n[0])); - if (!n) - { - grub_errno = GRUB_ERR_NONE; -@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical, - } \ - } - -- visual = grub_malloc (sizeof (visual[0]) * logical_len); -+ visual = grub_calloc (logical_len, sizeof (visual[0])); - if (!visual) - return -1; - -@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical, - { - const grub_uint32_t *line_start = logical, *ptr; - struct grub_unicode_glyph *visual_ptr; -- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0]) -- * (logical_len + 2)); -+ *visual_out = visual_ptr = grub_calloc (logical_len + 2, -+ 3 * sizeof (visual_ptr[0])); - if (!visual_ptr) - return -1; - for (ptr = logical; ptr <= logical + logical_len; ptr++) -diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c -index c037d50..c57242e 100644 ---- a/grub-core/normal/cmdline.c -+++ b/grub-core/normal/cmdline.c -@@ -41,7 +41,7 @@ grub_err_t - grub_set_history (int newsize) - { - grub_uint32_t **old_hist_lines = hist_lines; -- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize); -+ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *)); - - /* Copy the old lines into the new buffer. */ - if (old_hist_lines) -@@ -114,7 +114,7 @@ static void - grub_history_set (int pos, grub_uint32_t *s, grub_size_t len) - { - grub_free (hist_lines[pos]); -- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t)); -+ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t)); - if (!hist_lines[pos]) - { - grub_print_error (); -@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated) - char *ret; - unsigned nterms; - -- buf = grub_malloc (max_len * sizeof (grub_uint32_t)); -+ buf = grub_calloc (max_len, sizeof (grub_uint32_t)); - if (!buf) - return 0; - -@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated) - FOR_ACTIVE_TERM_OUTPUTS(cur) - nterms++; - -- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms); -+ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0])); - if (!cl_terms) - { - grub_free (buf); -@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated) - } - cl_term_cur = cl_terms; - -- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); -+ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); - if (!unicode_msg) - { - grub_free (buf); -@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated) - grub_uint32_t *insert; - - insertlen = grub_strlen (insertu8); -- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t)); -+ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t)); - if (!insert) - { - grub_free (insertu8); -@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated) - - grub_free (kill_buf); - -- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t)); -+ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t)); - if (grub_errno) - { - grub_print_error (); -diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c -index cdf3590..1993995 100644 ---- a/grub-core/normal/menu_entry.c -+++ b/grub-core/normal/menu_entry.c -@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep) - { - linep->len = 0; - linep->max_len = 80; -- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0])); -- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0])); -+ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0])); -+ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0])); - if (! linep->buf || !linep->pos) - { - grub_free (linep->buf); -@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen, - pos = linep->pos + (term_screen - screen->terms); - - if (!*pos) -- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos)); -+ *pos = grub_calloc (linep->len + 1, sizeof (**pos)); - - if (i == region_start || linep == screen->lines + screen->line - || (i > region_start && mode == ALL_LINES)) -@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update) - - /* Insert the string. */ - current_linep = screen->lines + screen->line; -- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t)); -+ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t)); - - if (!unicode_msg) - return 0; -@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update) - if (completion_buffer.buf) - { - buflen = grub_strlen (completion_buffer.buf); -- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1)); -+ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t)); - - if (!ucs4) - { -@@ -1268,7 +1268,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) - for (i = 0; i < (unsigned) screen->num_lines; i++) - { - grub_free (screen->lines[i].pos); -- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0])); -+ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0])); - if (! screen->lines[i].pos) - { - grub_print_error (); -@@ -1278,7 +1278,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) - } - } - -- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0])); -+ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0])); - if (!screen->terms) - { - grub_print_error (); -diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c -index e22bb91..18240e7 100644 ---- a/grub-core/normal/menu_text.c -+++ b/grub-core/normal/menu_text.c -@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left, - grub_size_t msg_len = grub_strlen (msg) + 2; - int ret = 0; - -- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); -+ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); - - if (!unicode_msg) - return 0; -@@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, - - title = entry ? entry->title : ""; - title_len = grub_strlen (title); -- unicode_title = grub_malloc (title_len * sizeof (*unicode_title)); -+ unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); - if (! unicode_title) - /* XXX How to show this error? */ - return; -diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c -index a1e5c5a..cc8c173 100644 ---- a/grub-core/normal/term.c -+++ b/grub-core/normal/term.c -@@ -264,7 +264,7 @@ grub_term_save_pos (void) - FOR_ACTIVE_TERM_OUTPUTS(cur) - cnt++; - -- ret = grub_malloc (cnt * sizeof (ret[0])); -+ ret = grub_calloc (cnt, sizeof (ret[0])); - if (!ret) - return NULL; - -@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len) - - grub_error_push (); - -- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t)); -+ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t)); - - grub_error_pop (); - -diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 90d92d3..5b41ad0 100644 ---- a/grub-core/osdep/linux/getroot.c -+++ b/grub-core/osdep/linux/getroot.c -@@ -168,7 +168,7 @@ grub_util_raid_getmembers (const char *name, int bootable) - if (ret != 0) - grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno)); - -- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *)); -+ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *)); - - for (i = 0, j = 0; j < info.nr_disks; i++) - { -@@ -241,7 +241,7 @@ grub_find_root_devices_from_btrfs (const char *dir) - return NULL; - } - -- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0])); -+ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0])); - - for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++) - { -@@ -396,7 +396,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) - if (relroot) - *relroot = NULL; - -- entries = xmalloc (entry_max * sizeof (*entries)); -+ entries = xcalloc (entry_max, sizeof (*entries)); - - again: - fp = grub_util_fopen ("/proc/self/mountinfo", "r"); -diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c -index 65effa9..7d63251 100644 ---- a/grub-core/osdep/unix/config.c -+++ b/grub-core/osdep/unix/config.c -@@ -89,7 +89,7 @@ grub_util_load_config (struct grub_util_config *cfg) - argv[0] = "sh"; - argv[1] = "-c"; - -- script = xmalloc (4 * strlen (cfgfile) + 300); -+ script = xcalloc (4, strlen (cfgfile) + 300); - - ptr = script; - memcpy (ptr, ". '", 3); -diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c -index 661d954..eada663 100644 ---- a/grub-core/osdep/windows/getroot.c -+++ b/grub-core/osdep/windows/getroot.c -@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path) - - for (ptr = path; *ptr; ptr++); - allocsize = (ptr - path + 10) * 2; -- out = xmalloc (allocsize * sizeof (out[0])); -+ out = xcalloc (allocsize, sizeof (out[0])); - - /* When pointing to EFI system partition GetVolumePathName fails - for ESP root and returns abberant information for everything -diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c -index 3551007..0be3273 100644 ---- a/grub-core/osdep/windows/hostdisk.c -+++ b/grub-core/osdep/windows/hostdisk.c -@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path) - - while (1) - { -- fpa = xmalloc (alloc * sizeof (fpa[0])); -+ fpa = xcalloc (alloc, sizeof (fpa[0])); - - len = GetFullPathName (tpath, alloc, fpa, NULL); - if (len >= alloc) -@@ -399,7 +399,7 @@ grub_util_fd_opendir (const char *name) - for (l = 0; name_windows[l]; l++); - for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--); - l++; -- pattern = xmalloc ((l + 3) * sizeof (pattern[0])); -+ pattern = xcalloc (l + 3, sizeof (pattern[0])); - memcpy (pattern, name_windows, l * sizeof (pattern[0])); - pattern[l] = '\\'; - pattern[l + 1] = '*'; -diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c -index e8ffd62..6297de6 100644 ---- a/grub-core/osdep/windows/init.c -+++ b/grub-core/osdep/windows/init.c -@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)), - LPWSTR *targv; - - targv = CommandLineToArgvW (tcmdline, argc); -- *argv = xmalloc ((*argc + 1) * sizeof (argv[0])); -+ *argv = xcalloc (*argc + 1, sizeof (argv[0])); - - for (i = 0; i < *argc; i++) - (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); -diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index 7eb53fe..1ef86bf 100644 ---- a/grub-core/osdep/windows/platform.c -+++ b/grub-core/osdep/windows/platform.c -@@ -225,8 +225,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, - grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode")); - - distrib8_len = grub_strlen (efi_distributor); -- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8 -- * sizeof (grub_uint16_t)); -+ distributor16 = xcalloc (distrib8_len + 1, -+ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t)); - distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8, - (const grub_uint8_t *) efi_distributor, - distrib8_len, 0); -diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c -index cb08617..478e8ef 100644 ---- a/grub-core/osdep/windows/relpath.c -+++ b/grub-core/osdep/windows/relpath.c -@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path) - if (dirwindows[0] && dirwindows[1] == ':') - offset = 2; - } -- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2)); -+ ret = xcalloc (flen - offset + 2, sizeof (ret[0])); - if (dirwindows[offset] != '\\' - && dirwindows[offset] != '/' - && dirwindows[offset]) -diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c -index 103f679..72a2e37 100644 ---- a/grub-core/partmap/gpt.c -+++ b/grub-core/partmap/gpt.c -@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, - *nsectors = ctx.len; - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c -index 7b8e450..ee3f249 100644 ---- a/grub-core/partmap/msdos.c -+++ b/grub-core/partmap/msdos.c -@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, - avail_nsectors = *nsectors; - if (*nsectors > max_nsectors) - *nsectors = max_nsectors; -- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); -+ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); - if (!*sectors) - return grub_errno; - for (i = 0; i < *nsectors; i++) -diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index ee299fd..c8d6806 100644 ---- a/grub-core/script/execute.c -+++ b/grub-core/script/execute.c -@@ -553,7 +553,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str) - for (iptr = orig_str; *iptr; iptr++) - if (*iptr == '$') - dollar_cnt++; -- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt); -+ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0])); - - if (parse_string (orig_str, gettext_save_allow, &ctx, 0)) - goto fail; -diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c -index 2d60852..b5eb516 100644 ---- a/grub-core/tests/fake_input.c -+++ b/grub-core/tests/fake_input.c -@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in) - saved = grub_term_inputs; - if (seq) - grub_free (seq); -- seq = grub_malloc (nseq_in * sizeof (seq[0])); -+ seq = grub_calloc (nseq_in, sizeof (seq[0])); - if (!seq) - return; - -diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c -index 74d5b65..44d0810 100644 ---- a/grub-core/tests/video_checksum.c -+++ b/grub-core/tests/video_checksum.c -@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname, - { - case 4: - { -- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); -+ grub_uint8_t *buffer = xcalloc (3, mode_info->width); - grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); - grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); - grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); -@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname, - } - case 3: - { -- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); -+ grub_uint8_t *buffer = xcalloc (3, mode_info->width); - grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); - grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); - grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); -@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname, - } - case 2: - { -- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); -+ grub_uint8_t *buffer = xcalloc (3, mode_info->width); - grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1); - grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1); - grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1); -diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c -index 4f83c74..4d3195e 100644 ---- a/grub-core/video/capture.c -+++ b/grub-core/video/capture.c -@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, - framebuffer.mode_info = *mode_info; - framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info); - -- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch); -+ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); - if (!framebuffer.ptr) - return grub_errno; - -diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c -index a2f639f..0ebab6f 100644 ---- a/grub-core/video/emu/sdl.c -+++ b/grub-core/video/emu/sdl.c -@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count, - if (start + count > mode_info.number_of_colors) - count = mode_info.number_of_colors - start; - -- tmp = grub_malloc (count * sizeof (tmp[0])); -+ tmp = grub_calloc (count, sizeof (tmp[0])); - for (i = 0; i < count; i++) - { - tmp[i].r = palette_data[i].r; -diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c -index 01f4711..b2f776c 100644 ---- a/grub-core/video/i386/pc/vga.c -+++ b/grub-core/video/i386/pc/vga.c -@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height, - - vga_height = height ? : 480; - -- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH); -+ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH); - framebuffer.front_page = 0; - framebuffer.back_page = 0; - if (!framebuffer.temporary_buffer) -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 777e713..61bd645 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data) - if (data->is_16bit || data->is_gray || data->is_palette) - #endif - { -- data->image_data = grub_malloc (data->image_height * data->row_bytes); -+ data->image_data = grub_calloc (data->image_height, data->row_bytes); - if (grub_errno) - return grub_errno; - -diff --git a/include/grub/unicode.h b/include/grub/unicode.h -index a0403e9..4de986a 100644 ---- a/include/grub/unicode.h -+++ b/include/grub/unicode.h -@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in) - grub_memcpy (out, in, sizeof (*in)); - if (in->ncomb > ARRAY_SIZE (out->combining_inline)) - { -- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); -+ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); - if (!out->combining_ptr) - { - grub_free (out); -@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out, - grub_memcpy (out, in, sizeof (*in)); - if (in->ncomb > ARRAY_SIZE (out->combining_inline)) - { -- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); -+ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); - if (!out->combining_ptr) - return; - grub_memcpy (out->combining_ptr, in->combining_ptr, -diff --git a/util/getroot.c b/util/getroot.c -index 847406f..a5eaa64 100644 ---- a/util/getroot.c -+++ b/util/getroot.c -@@ -200,7 +200,7 @@ make_device_name (const char *drive) - char *ret, *ptr; - const char *iptr; - -- ret = xmalloc (strlen (drive) * 2); -+ ret = xcalloc (2, strlen (drive)); - ptr = ret; - for (iptr = drive; *iptr; iptr++) - { -diff --git a/util/grub-file.c b/util/grub-file.c -index 50c18b6..b2e7dd6 100644 ---- a/util/grub-file.c -+++ b/util/grub-file.c -@@ -54,7 +54,7 @@ main (int argc, char *argv[]) - - grub_util_host_init (&argc, &argv); - -- argv2 = xmalloc (argc * sizeof (argv2[0])); -+ argv2 = xcalloc (argc, sizeof (argv2[0])); - - if (argc == 2 && strcmp (argv[1], "--version") == 0) - { -diff --git a/util/grub-fstest.c b/util/grub-fstest.c -index f14e02d..57246af 100644 ---- a/util/grub-fstest.c -+++ b/util/grub-fstest.c -@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state) - if (args_count < num_disks) - { - if (args_count == 0) -- images = xmalloc (num_disks * sizeof (images[0])); -+ images = xcalloc (num_disks, sizeof (images[0])); - images[args_count] = grub_canonicalize_file_name (arg); - args_count++; - return 0; -@@ -734,7 +734,7 @@ main (int argc, char *argv[]) - - grub_util_host_init (&argc, &argv); - -- args = xmalloc (argc * sizeof (args[0])); -+ args = xcalloc (argc, sizeof (args[0])); - - argp_parse (&argp, argc, argv, 0, 0, 0); - -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index ca0ac61..0295d40 100644 ---- a/util/grub-install-common.c -+++ b/util/grub-install-common.c -@@ -286,7 +286,7 @@ handle_install_list (struct install_list *il, const char *val, - il->n_entries++; - } - il->n_alloc = il->n_entries + 1; -- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0])); -+ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0])); - ptr = val; - for (ce = il->entries; ; ce++) - { -diff --git a/util/grub-install.c b/util/grub-install.c -index 8a55ad4..a82725f 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -626,7 +626,7 @@ device_map_check_duplicates (const char *dev_map) - if (! fp) - return; - -- d = xmalloc (alloced * sizeof (d[0])); -+ d = xcalloc (alloced, sizeof (d[0])); - - while (fgets (buf, sizeof (buf), fp)) - { -@@ -1260,7 +1260,7 @@ main (int argc, char *argv[]) - ndev++; - } - -- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1)); -+ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0])); - - for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++, - curdrive++) -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index bc087c2..d97d0e7 100644 ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, - + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize); - smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset); - -- smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections); -- memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections); -- smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections); -- memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections); -+ smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs)); -+ smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs)); - - SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target); - -diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c -index ce2cbc4..5183102 100644 ---- a/util/grub-mkrescue.c -+++ b/util/grub-mkrescue.c -@@ -441,8 +441,8 @@ main (int argc, char *argv[]) - xorriso = xstrdup ("xorriso"); - label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2"); - -- argp_argv = xmalloc (sizeof (argp_argv[0]) * argc); -- xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc); -+ argp_argv = xcalloc (argc, sizeof (argp_argv[0])); -+ xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0])); - - xorriso_tail_argc = 0; - /* Program name */ -diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c -index 4907d44..edf3097 100644 ---- a/util/grub-mkstandalone.c -+++ b/util/grub-mkstandalone.c -@@ -296,7 +296,7 @@ main (int argc, char *argv[]) - grub_util_host_init (&argc, &argv); - grub_util_disable_fd_syncs (); - -- files = xmalloc ((argc + 1) * sizeof (files[0])); -+ files = xcalloc (argc + 1, sizeof (files[0])); - - argp_parse (&argp, argc, argv, 0, 0, 0); - -diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c -index 0d4084a..1133129 100644 ---- a/util/grub-pe2elf.c -+++ b/util/grub-pe2elf.c -@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image, - char *pe_strtab = (image + pe_chdr->symtab_offset - + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol)); - -- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int)); -+ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int)); - section_map[0] = 0; -- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0])); -+ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0])); - idx = 1; - idx_reloc = pe_chdr->num_sections + 1; - -@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image, - - pe_sec = pe_shdr + shdr[i].sh_link; - pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset); -- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t)); -+ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t)); - num_rels = 0; - modified = 0; - -@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image, - pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset); - pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols); - -- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) * -- sizeof (Elf_Sym)); -- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym)); -+ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym)); - num_syms = 1; - -- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int)); -+ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int)); - - for (i = 0; i < (int) pe_chdr->num_symbols; - i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1) -diff --git a/util/grub-probe.c b/util/grub-probe.c -index 81d27ee..cbe6ed9 100644 ---- a/util/grub-probe.c -+++ b/util/grub-probe.c -@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim) - grub_util_pull_device (*curdev); - ndev++; - } -- -- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1)); -+ -+ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0])); - - for (curdev = device_names, curdrive = drives_names; *curdev; curdev++, - curdrive++) --- -2.14.4 - diff --git a/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch deleted file mode 100644 index 7214ead9a7..0000000000 --- a/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch +++ /dev/null @@ -1,1330 +0,0 @@ -From eb77d1ef65e25746acff43545f62a71360b15eec Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Mon, 15 Jun 2020 12:28:27 -0400 -Subject: [PATCH 6/9] malloc: Use overflow checking primitives where we do - complex allocations - -This attempts to fix the places where we do the following where -arithmetic_expr may include unvalidated data: - - X = grub_malloc(arithmetic_expr); - -It accomplishes this by doing the arithmetic ahead of time using grub_add(), -grub_sub(), grub_mul() and testing for overflow before proceeding. - -Among other issues, this fixes: - - allocation of integer overflow in grub_video_bitmap_create() - reported by Chris Coulson, - - allocation of integer overflow in grub_png_decode_image_header() - reported by Chris Coulson, - - allocation of integer overflow in grub_squash_read_symlink() - reported by Chris Coulson, - - allocation of integer overflow in grub_ext2_read_symlink() - reported by Chris Coulson, - - allocation of integer overflow in read_section_as_string() - reported by Chris Coulson. - -Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/commands/legacycfg.c | 29 +++++++++++++++++++----- - grub-core/commands/wildcard.c | 36 ++++++++++++++++++++++++----- - grub-core/disk/ldm.c | 32 ++++++++++++++++++-------- - grub-core/font/font.c | 7 +++++- - grub-core/fs/btrfs.c | 28 +++++++++++++++-------- - grub-core/fs/ext2.c | 10 ++++++++- - grub-core/fs/iso9660.c | 51 +++++++++++++++++++++++++++++------------- - grub-core/fs/sfs.c | 27 +++++++++++++++++----- - grub-core/fs/squash4.c | 45 ++++++++++++++++++++++++++++--------- - grub-core/fs/udf.c | 41 +++++++++++++++++++++------------ - grub-core/fs/xfs.c | 11 +++++---- - grub-core/fs/zfs/zfs.c | 22 ++++++++++++------ - grub-core/fs/zfs/zfscrypt.c | 7 +++++- - grub-core/lib/arg.c | 20 +++++++++++++++-- - grub-core/loader/i386/bsd.c | 8 ++++++- - grub-core/net/dns.c | 9 +++++++- - grub-core/normal/charset.c | 10 +++++++-- - grub-core/normal/cmdline.c | 14 ++++++++++-- - grub-core/normal/menu_entry.c | 13 +++++++++-- - grub-core/script/argv.c | 16 +++++++++++-- - grub-core/script/lexer.c | 21 ++++++++++++++--- - grub-core/video/bitmap.c | 25 +++++++++++++-------- - grub-core/video/readers/png.c | 13 +++++++++-- - 23 files changed, 382 insertions(+), 113 deletions(-) - -diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index 5e3ec0d..cc5971f 100644 ---- a/grub-core/commands/legacycfg.c -+++ b/grub-core/commands/legacycfg.c -@@ -32,6 +32,7 @@ - #include <grub/auth.h> - #include <grub/disk.h> - #include <grub/partition.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -104,13 +105,22 @@ legacy_file (const char *filename) - if (newsuffix) - { - char *t; -- -+ grub_size_t sz; -+ -+ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) || -+ grub_add (sz, 1, &sz)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ goto fail_0; -+ } -+ - t = suffix; -- suffix = grub_realloc (suffix, grub_strlen (suffix) -- + grub_strlen (newsuffix) + 1); -+ suffix = grub_realloc (suffix, sz); - if (!suffix) - { - grub_free (t); -+ -+ fail_0: - grub_free (entrysrc); - grub_free (parsed); - grub_free (newsuffix); -@@ -154,13 +164,22 @@ legacy_file (const char *filename) - else - { - char *t; -+ grub_size_t sz; -+ -+ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) || -+ grub_add (sz, 1, &sz)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ goto fail_1; -+ } - - t = entrysrc; -- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc) -- + grub_strlen (parsed) + 1); -+ entrysrc = grub_realloc (entrysrc, sz); - if (!entrysrc) - { - grub_free (t); -+ -+ fail_1: - grub_free (parsed); - grub_free (suffix); - return grub_errno; -diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c -index 4a106ca..cc32903 100644 ---- a/grub-core/commands/wildcard.c -+++ b/grub-core/commands/wildcard.c -@@ -23,6 +23,7 @@ - #include <grub/file.h> - #include <grub/device.h> - #include <grub/script_sh.h> -+#include <grub/safemath.h> - - #include <regex.h> - -@@ -48,6 +49,7 @@ merge (char **dest, char **ps) - int i; - int j; - char **p; -+ grub_size_t sz; - - if (! dest) - return ps; -@@ -60,7 +62,12 @@ merge (char **dest, char **ps) - for (j = 0; ps[j]; j++) - ; - -- p = grub_realloc (dest, sizeof (char*) * (i + j + 1)); -+ if (grub_add (i, j, &sz) || -+ grub_add (sz, 1, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ return dest; -+ -+ p = grub_realloc (dest, sz); - if (! p) - { - grub_free (dest); -@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp) - char ch; - int i = 0; - unsigned len = end - start; -- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */ -+ char *buffer; -+ grub_size_t sz; - -+ /* Worst case size is (len * 2 + 2 + 1). */ -+ if (grub_mul (len, 2, &sz) || -+ grub_add (sz, 3, &sz)) -+ return 1; -+ -+ buffer = grub_malloc (sz); - if (! buffer) - return 1; - -@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data) - struct match_devices_ctx *ctx = data; - char **t; - char *buffer; -+ grub_size_t sz; - - /* skip partitions if asked to. */ - if (ctx->noparts && grub_strchr (name, ',')) -@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data) - if (regexec (ctx->regexp, buffer, 0, 0, 0)) - { - grub_dprintf ("expand", "not matched\n"); -+ fail: - grub_free (buffer); - return 0; - } - -- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2)); -+ if (grub_add (ctx->ndev, 2, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ goto fail; -+ -+ t = grub_realloc (ctx->devs, sz); - if (! t) - { - grub_free (buffer); -@@ -300,6 +320,7 @@ match_files_iter (const char *name, - struct match_files_ctx *ctx = data; - char **t; - char *buffer; -+ grub_size_t sz; - - /* skip . and .. names */ - if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0) -@@ -315,9 +336,14 @@ match_files_iter (const char *name, - if (! buffer) - return 1; - -- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2)); -- if (! t) -+ if (grub_add (ctx->nfile, 2, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ goto fail; -+ -+ t = grub_realloc (ctx->files, sz); -+ if (!t) - { -+ fail: - grub_free (buffer); - return 1; - } -diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c -index e632370..58f8a53 100644 ---- a/grub-core/disk/ldm.c -+++ b/grub-core/disk/ldm.c -@@ -25,6 +25,7 @@ - #include <grub/msdos_partition.h> - #include <grub/gpt_partition.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - #ifdef GRUB_UTIL - #include <grub/emu/misc.h> -@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk, - struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE - / sizeof (struct grub_ldm_vblk)]; - unsigned i; -+ grub_size_t sz; - err = grub_disk_read (disk, cursec, 0, - sizeof(vblk), &vblk); - if (err) -@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk, - grub_free (lv); - goto fail2; - } -- lv->name = grub_malloc (*ptr + 1); -+ if (grub_add (*ptr, 1, &sz)) -+ { -+ grub_free (lv->internal_id); -+ grub_free (lv); -+ goto fail2; -+ } -+ lv->name = grub_malloc (sz); - if (!lv->name) - { - grub_free (lv->internal_id); -@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk, - if (lv->segments->node_alloc == lv->segments->node_count) - { - void *t; -- lv->segments->node_alloc *= 2; -- t = grub_realloc (lv->segments->nodes, -- sizeof (*lv->segments->nodes) -- * lv->segments->node_alloc); -+ grub_size_t sz; -+ -+ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || -+ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) -+ goto fail2; -+ -+ t = grub_realloc (lv->segments->nodes, sz); - if (!t) - goto fail2; - lv->segments->nodes = t; -@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk, - if (comp->segment_alloc == comp->segment_count) - { - void *t; -- comp->segment_alloc *= 2; -- t = grub_realloc (comp->segments, -- comp->segment_alloc -- * sizeof (*comp->segments)); -+ grub_size_t sz; -+ -+ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) || -+ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz)) -+ goto fail2; -+ -+ t = grub_realloc (comp->segments, sz); - if (!t) - goto fail2; - comp->segments = t; -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 8e118b3..5edb477 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -30,6 +30,7 @@ - #include <grub/unicode.h> - #include <grub/fontformat.h> - #include <grub/env.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -360,9 +361,13 @@ static char * - read_section_as_string (struct font_file_section *section) - { - char *str; -+ grub_size_t sz; - grub_ssize_t ret; - -- str = grub_malloc (section->length + 1); -+ if (grub_add (section->length, 1, &sz)) -+ return NULL; -+ -+ str = grub_malloc (sz); - if (!str) - return 0; - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 11272ef..2b65bd5 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -40,6 +40,7 @@ - #include <grub/btrfs.h> - #include <grub/crypto.h> - #include <grub/diskfilter.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -329,9 +330,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc, - if (desc->allocated < desc->depth) - { - void *newdata; -- desc->allocated *= 2; -- newdata = grub_realloc (desc->data, sizeof (desc->data[0]) -- * desc->allocated); -+ grub_size_t sz; -+ -+ if (grub_mul (desc->allocated, 2, &desc->allocated) || -+ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ newdata = grub_realloc (desc->data, sz); - if (!newdata) - return grub_errno; - desc->data = newdata; -@@ -622,16 +627,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id) - if (data->n_devices_attached > data->n_devices_allocated) - { - void *tmp; -- data->n_devices_allocated = 2 * data->n_devices_attached + 1; -- data->devices_attached -- = grub_realloc (tmp = data->devices_attached, -- data->n_devices_allocated -- * sizeof (data->devices_attached[0])); -+ grub_size_t sz; -+ -+ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || -+ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || -+ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) -+ goto fail; -+ -+ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); - if (!data->devices_attached) - { -+ data->devices_attached = tmp; -+ -+ fail: - if (ctx.dev_found) - grub_device_close (ctx.dev_found); -- data->devices_attached = tmp; - return NULL; - } - } -diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c -index 9b38980..ac33bcd 100644 ---- a/grub-core/fs/ext2.c -+++ b/grub-core/fs/ext2.c -@@ -46,6 +46,7 @@ - #include <grub/dl.h> - #include <grub/types.h> - #include <grub/fshelp.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) - { - char *symlink; - struct grub_fshelp_node *diro = node; -+ grub_size_t sz; - - if (! diro->inode_read) - { -@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) - } - } - -- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); -+ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return NULL; -+ } -+ -+ symlink = grub_malloc (sz); - if (! symlink) - return 0; - -diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c -index 4f1b52a..7ba5b30 100644 ---- a/grub-core/fs/iso9660.c -+++ b/grub-core/fs/iso9660.c -@@ -28,6 +28,7 @@ - #include <grub/fshelp.h> - #include <grub/charset.h> - #include <grub/datetime.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx, - int len2) - { - int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; -+ grub_size_t sz; - -- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1); -+ if (grub_add (size, len2, &sz) || -+ grub_add (sz, 1, &sz)) -+ return; -+ -+ ctx->symlink = grub_realloc (ctx->symlink, sz); - if (! ctx->symlink) - return; - -@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, - { - grub_size_t off = 0, csize = 1; - char *old; -+ grub_size_t sz; -+ - csize = entry->len - 5; - old = ctx->filename; - if (ctx->filename_alloc) - { - off = grub_strlen (ctx->filename); -- ctx->filename = grub_realloc (ctx->filename, csize + off + 1); -+ if (grub_add (csize, off, &sz) || -+ grub_add (sz, 1, &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ ctx->filename = grub_realloc (ctx->filename, sz); - } - else - { - off = 0; -- ctx->filename = grub_zalloc (csize + 1); -+ if (grub_add (csize, 1, &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ ctx->filename = grub_zalloc (sz); - } - if (!ctx->filename) - { -@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, - if (node->have_dirents >= node->alloc_dirents) - { - struct grub_fshelp_node *new_node; -- node->alloc_dirents *= 2; -- new_node = grub_realloc (node, -- sizeof (struct grub_fshelp_node) -- + ((node->alloc_dirents -- - ARRAY_SIZE (node->dirents)) -- * sizeof (node->dirents[0]))); -+ grub_size_t sz; -+ -+ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || -+ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || -+ grub_mul (sz, sizeof (node->dirents[0]), &sz) || -+ grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) -+ goto fail_0; -+ -+ new_node = grub_realloc (node, sz); - if (!new_node) - { -+ fail_0: - if (ctx.filename_alloc) - grub_free (ctx.filename); - grub_free (node); -@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, - * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1) - { - struct grub_fshelp_node *new_node; -- new_node = grub_realloc (node, -- sizeof (struct grub_fshelp_node) -- + ((node->alloc_dirents -- - ARRAY_SIZE (node->dirents)) -- * sizeof (node->dirents[0])) -- + grub_strlen (ctx.symlink) + 1); -+ grub_size_t sz; -+ -+ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || -+ grub_mul (sz, sizeof (node->dirents[0]), &sz) || -+ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) || -+ grub_add (sz, grub_strlen (ctx.symlink), &sz)) -+ goto fail_1; -+ -+ new_node = grub_realloc (node, sz); - if (!new_node) - { -+ fail_1: - if (ctx.filename_alloc) - grub_free (ctx.filename); - grub_free (node); -diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c -index 90f7fb3..de2b107 100644 ---- a/grub-core/fs/sfs.c -+++ b/grub-core/fs/sfs.c -@@ -26,6 +26,7 @@ - #include <grub/types.h> - #include <grub/fshelp.h> - #include <grub/charset.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) - if (node->cache && node->cache_size >= node->cache_allocated) - { - struct cache_entry *e = node->cache; -- e = grub_realloc (node->cache,node->cache_allocated * 2 -- * sizeof (e[0])); -+ grub_size_t sz; -+ -+ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz)) -+ goto fail; -+ -+ e = grub_realloc (node->cache, sz); - if (!e) - { -+ fail: - grub_errno = 0; - grub_free (node->cache); - node->cache = 0; -@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node, - grub_size_t len = grub_strlen (name); - grub_uint8_t *name_u8; - int ret; -+ grub_size_t sz; -+ -+ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || -+ grub_add (sz, 1, &sz)) -+ return 1; -+ - *node = grub_malloc (sizeof (**node)); - if (!*node) - return 1; -- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); -+ name_u8 = grub_malloc (sz); - if (!name_u8) - { - grub_free (*node); -@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label) - data = grub_sfs_mount (disk); - if (data) - { -- grub_size_t len = grub_strlen (data->label); -- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); -+ grub_size_t sz, len = grub_strlen (data->label); -+ -+ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || -+ grub_add (sz, 1, &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ *label = grub_malloc (sz); - if (*label) - *grub_latin1_to_utf8 ((grub_uint8_t *) *label, - (const grub_uint8_t *) data->label, -diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c -index 95d5c1e..7851238 100644 ---- a/grub-core/fs/squash4.c -+++ b/grub-core/fs/squash4.c -@@ -26,6 +26,7 @@ - #include <grub/types.h> - #include <grub/fshelp.h> - #include <grub/deflate.h> -+#include <grub/safemath.h> - #include <minilzo.h> - - #include "xz.h" -@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node) - { - char *ret; - grub_err_t err; -- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1); -+ grub_size_t sz; -+ -+ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return NULL; -+ } -+ -+ ret = grub_malloc (sz); -+ if (!ret) -+ return NULL; - - err = read_chunk (node->data, ret, - grub_le_to_cpu32 (node->ino.symlink.namelen), -@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, - - { - grub_fshelp_node_t node; -- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ grub_size_t sz; -+ -+ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || -+ grub_add (sz, sizeof (*node), &sz)) -+ return 0; -+ -+ node = grub_malloc (sz); - if (!node) - return 0; -- grub_memcpy (node, dir, -- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ grub_memcpy (node, dir, sz); - if (hook (".", GRUB_FSHELP_DIR, node, hook_data)) - return 1; - -@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, - { - grub_err_t err; - -- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || -+ grub_add (sz, sizeof (*node), &sz)) -+ return 0; -+ -+ node = grub_malloc (sz); - if (!node) - return 0; - -- grub_memcpy (node, dir, -- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ grub_memcpy (node, dir, sz); - - node->stsize--; - err = read_chunk (dir->data, &node->ino, sizeof (node->ino), -@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, - enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG; - struct grub_squash_dirent di; - struct grub_squash_inode ino; -+ grub_size_t sz; - - err = read_chunk (dir->data, &di, sizeof (di), - grub_le_to_cpu64 (dir->data->sb.diroffset) -@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, - if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK) - filetype = GRUB_FSHELP_SYMLINK; - -- node = grub_malloc (sizeof (*node) -- + (dir->stsize + 1) * sizeof (dir->stack[0])); -+ if (grub_add (dir->stsize, 1, &sz) || -+ grub_mul (sz, sizeof (dir->stack[0]), &sz) || -+ grub_add (sz, sizeof (*node), &sz)) -+ return 0; -+ -+ node = grub_malloc (sz); - if (! node) - return 0; - -- grub_memcpy (node, dir, -- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); -+ grub_memcpy (node, dir, sz - sizeof(dir->stack[0])); - - node->ino = ino; - node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk); -diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c -index a837616..21ac7f4 100644 ---- a/grub-core/fs/udf.c -+++ b/grub-core/fs/udf.c -@@ -28,6 +28,7 @@ - #include <grub/charset.h> - #include <grub/datetime.h> - #include <grub/udf.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) - utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2]; - } - if (!outbuf) -- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1); -+ { -+ grub_size_t size; -+ -+ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) || -+ grub_add (size, 1, &size)) -+ goto fail; -+ -+ outbuf = grub_malloc (size); -+ } - if (outbuf) - *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0'; -+ -+ fail: - grub_free (utf16); - return outbuf; - } -@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - grub_size_t sz = U64 (node->block.fe.file_size); - grub_uint8_t *raw; - const grub_uint8_t *ptr; -- char *out, *optr; -+ char *out = NULL, *optr; - - if (sz < 4) - return NULL; -@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - if (!raw) - return NULL; - if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0) -- { -- grub_free (raw); -- return NULL; -- } -+ goto fail_1; - -- out = grub_malloc (sz * 2 + 1); -+ if (grub_mul (sz, 2, &sz) || -+ grub_add (sz, 1, &sz)) -+ goto fail_0; -+ -+ out = grub_malloc (sz); - if (!out) - { -+ fail_0: - grub_free (raw); - return NULL; - } -@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - { - grub_size_t s; - if ((grub_size_t) (ptr - raw + 4) > sz) -- goto fail; -+ goto fail_1; - if (!(ptr[2] == 0 && ptr[3] == 0)) -- goto fail; -+ goto fail_1; - s = 4 + ptr[1]; - if ((grub_size_t) (ptr - raw + s) > sz) -- goto fail; -+ goto fail_1; - switch (*ptr) - { - case 1: - if (ptr[1]) -- goto fail; -+ goto fail_1; - /* Fallthrough. */ - case 2: - /* in 4 bytes. out: 1 byte. */ -@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - if (optr != out) - *optr++ = '/'; - if (!read_string (ptr + 4, s - 4, optr)) -- goto fail; -+ goto fail_1; - optr += grub_strlen (optr); - break; - default: -- goto fail; -+ goto fail_1; - } - ptr += s; - } -@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) - grub_free (raw); - return out; - -- fail: -+ fail_1: - grub_free (raw); - grub_free (out); - grub_error (GRUB_ERR_BAD_FS, "invalid symlink"); -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index 96ffecb..ea65902 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -25,6 +25,7 @@ - #include <grub/dl.h> - #include <grub/types.h> - #include <grub/fshelp.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -899,6 +900,7 @@ static struct grub_xfs_data * - grub_xfs_mount (grub_disk_t disk) - { - struct grub_xfs_data *data = 0; -+ grub_size_t sz; - - data = grub_zalloc (sizeof (struct grub_xfs_data)); - if (!data) -@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk) - if (!grub_xfs_sb_valid(data)) - goto fail; - -- data = grub_realloc (data, -- sizeof (struct grub_xfs_data) -- - sizeof (struct grub_xfs_inode) -- + grub_xfs_inode_size(data) + 1); -+ if (grub_add (grub_xfs_inode_size (data), -+ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz)) -+ goto fail; -+ -+ data = grub_realloc (data, sz); - - if (! data) - goto fail; -diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c -index 381dde5..36d0373 100644 ---- a/grub-core/fs/zfs/zfs.c -+++ b/grub-core/fs/zfs/zfs.c -@@ -55,6 +55,7 @@ - #include <grub/deflate.h> - #include <grub/crypto.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data, - if (data->n_devices_attached > data->n_devices_allocated) - { - void *tmp; -- data->n_devices_allocated = 2 * data->n_devices_attached + 1; -- data->devices_attached -- = grub_realloc (tmp = data->devices_attached, -- data->n_devices_allocated -- * sizeof (data->devices_attached[0])); -+ grub_size_t sz; -+ -+ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || -+ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || -+ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); - if (!data->devices_attached) - { - data->devices_attached = tmp; -@@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name) - { - char *nvpair; - char *ret; -- grub_size_t size; -+ grub_size_t size, sz; - int found; - - found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair, - &size, 0); - if (!found) - return 0; -- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t)); -+ -+ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz)) -+ return 0; -+ -+ ret = grub_zalloc (sz); - if (!ret) - return 0; - grub_memcpy (ret, nvlist, sizeof (grub_uint32_t)); -diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c -index 1402e0b..de3b015 100644 ---- a/grub-core/fs/zfs/zfscrypt.c -+++ b/grub-core/fs/zfs/zfscrypt.c -@@ -22,6 +22,7 @@ - #include <grub/misc.h> - #include <grub/disk.h> - #include <grub/partition.h> -+#include <grub/safemath.h> - #include <grub/dl.h> - #include <grub/types.h> - #include <grub/zfs/zfs.h> -@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in, - int passphrase) - { - struct grub_zfs_wrap_key *key; -+ grub_size_t sz; -+ - if (!passphrase && keylen > 32) - keylen = 32; -- key = grub_malloc (sizeof (*key) + keylen); -+ if (grub_add (sizeof (*key), keylen, &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ key = grub_malloc (sz); - if (!key) - return grub_errno; - key->is_passphrase = passphrase; -diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c -index fd7744a..3288609 100644 ---- a/grub-core/lib/arg.c -+++ b/grub-core/lib/arg.c -@@ -23,6 +23,7 @@ - #include <grub/term.h> - #include <grub/extcmd.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - /* Built-in parser for default options. */ - static const struct grub_arg_option help_options[] = -@@ -216,7 +217,13 @@ static inline grub_err_t - add_arg (char ***argl, int *num, char *s) - { - char **p = *argl; -- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *)); -+ grub_size_t sz; -+ -+ if (grub_add (++(*num), 1, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ -+ *argl = grub_realloc (*argl, sz); - if (! *argl) - { - grub_free (p); -@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, - grub_size_t argcnt; - struct grub_arg_list *list; - const struct grub_arg_option *options; -+ grub_size_t sz0, sz1; - - options = extcmd->options; - if (! options) -@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, - argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */ - } - -- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt); -+ if (grub_mul (sizeof (*list), i, &sz0) || -+ grub_mul (sizeof (char *), argcnt, &sz1) || -+ grub_add (sz0, sz1, &sz0)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return 0; -+ } -+ -+ list = grub_zalloc (sz0); - if (! list) - return 0; - -diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c -index 3730ed3..b92cbe9 100644 ---- a/grub-core/loader/i386/bsd.c -+++ b/grub-core/loader/i386/bsd.c -@@ -35,6 +35,7 @@ - #include <grub/ns8250.h> - #include <grub/bsdlabel.h> - #include <grub/crypto.h> -+#include <grub/safemath.h> - #include <grub/verify.h> - #ifdef GRUB_MACHINE_PCBIOS - #include <grub/machine/int.h> -@@ -1012,11 +1013,16 @@ grub_netbsd_add_modules (void) - struct grub_netbsd_btinfo_modules *mods; - unsigned i; - grub_err_t err; -+ grub_size_t sz; - - for (mod = netbsd_mods; mod; mod = mod->next) - modcnt++; - -- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt); -+ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) || -+ grub_add (sz, sizeof (*mods), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ mods = grub_malloc (sz); - if (!mods) - return grub_errno; - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index e332d5e..906ec7d 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -22,6 +22,7 @@ - #include <grub/i18n.h> - #include <grub/err.h> - #include <grub/time.h> -+#include <grub/safemath.h> - - struct dns_cache_element - { -@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s) - { - int na = dns_servers_alloc * 2; - struct grub_net_network_level_address *ns; -+ grub_size_t sz; -+ - if (na < 8) - na = 8; -- ns = grub_realloc (dns_servers, na * sizeof (ns[0])); -+ -+ if (grub_mul (na, sizeof (ns[0]), &sz)) -+ return GRUB_ERR_OUT_OF_RANGE; -+ -+ ns = grub_realloc (dns_servers, sz); - if (!ns) - return grub_errno; - dns_servers_alloc = na; -diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index d57fb72..4dfcc31 100644 ---- a/grub-core/normal/charset.c -+++ b/grub-core/normal/charset.c -@@ -48,6 +48,7 @@ - #include <grub/unicode.h> - #include <grub/term.h> - #include <grub/normal.h> -+#include <grub/safemath.h> - - #if HAVE_FONT_SOURCE - #include "widthspec.h" -@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, - { - struct grub_unicode_combining *n; - unsigned j; -+ grub_size_t sz; - - if (!haveout) - continue; -@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, - n = out->combining_inline; - else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) - { -- n = grub_realloc (out->combining_ptr, -- sizeof (n[0]) * (out->ncomb + 1)); -+ if (grub_add (out->ncomb, 1, &sz) || -+ grub_mul (sz, sizeof (n[0]), &sz)) -+ goto fail; -+ -+ n = grub_realloc (out->combining_ptr, sz); - if (!n) - { -+ fail: - grub_errno = GRUB_ERR_NONE; - continue; - } -diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c -index c57242e..de03fe6 100644 ---- a/grub-core/normal/cmdline.c -+++ b/grub-core/normal/cmdline.c -@@ -28,6 +28,7 @@ - #include <grub/env.h> - #include <grub/i18n.h> - #include <grub/charset.h> -+#include <grub/safemath.h> - - static grub_uint32_t *kill_buf; - -@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms, - if (len + (*llen) >= (*max_len)) - { - grub_uint32_t *nbuf; -- (*max_len) *= 2; -- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len)); -+ grub_size_t sz; -+ -+ if (grub_mul (*max_len, 2, max_len) || -+ grub_mul (*max_len, sizeof (grub_uint32_t), &sz)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ goto fail; -+ } -+ -+ nbuf = grub_realloc ((*buf), sz); - if (nbuf) - (*buf) = nbuf; - else - { -+ fail: - grub_print_error (); - grub_errno = GRUB_ERR_NONE; - (*max_len) /= 2; -diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c -index 1993995..50eef91 100644 ---- a/grub-core/normal/menu_entry.c -+++ b/grub-core/normal/menu_entry.c -@@ -27,6 +27,7 @@ - #include <grub/auth.h> - #include <grub/i18n.h> - #include <grub/charset.h> -+#include <grub/safemath.h> - - enum update_mode - { -@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra) - { - if (linep->max_len < linep->len + extra) - { -- linep->max_len = 2 * (linep->len + extra); -- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0])); -+ grub_size_t sz0, sz1; -+ -+ if (grub_add (linep->len, extra, &sz0) || -+ grub_mul (sz0, 2, &sz0) || -+ grub_add (sz0, 1, &sz1) || -+ grub_mul (sz1, sizeof (linep->buf[0]), &sz1)) -+ return 0; -+ -+ linep->buf = grub_realloc (linep->buf, sz1); - if (! linep->buf) - return 0; -+ linep->max_len = sz0; - } - - return 1; -diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c -index 217ec5d..5751fdd 100644 ---- a/grub-core/script/argv.c -+++ b/grub-core/script/argv.c -@@ -20,6 +20,7 @@ - #include <grub/mm.h> - #include <grub/misc.h> - #include <grub/script_sh.h> -+#include <grub/safemath.h> - - /* Return nearest power of two that is >= v. */ - static unsigned -@@ -81,11 +82,16 @@ int - grub_script_argv_next (struct grub_script_argv *argv) - { - char **p = argv->args; -+ grub_size_t sz; - - if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0) - return 0; - -- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *))); -+ if (grub_add (argv->argc, 2, &sz) || -+ grub_mul (sz, sizeof (char *), &sz)) -+ return 1; -+ -+ p = grub_realloc (p, round_up_exp (sz)); - if (! p) - return 1; - -@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s, - { - grub_size_t a; - char *p = argv->args[argv->argc - 1]; -+ grub_size_t sz; - - if (! s) - return 0; - - a = p ? grub_strlen (p) : 0; - -- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char))); -+ if (grub_add (a, slen, &sz) || -+ grub_add (sz, 1, &sz) || -+ grub_mul (sz, sizeof (char), &sz)) -+ return 1; -+ -+ p = grub_realloc (p, round_up_exp (sz)); - if (! p) - return 1; - -diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c -index c6bd317..5fb0cbd 100644 ---- a/grub-core/script/lexer.c -+++ b/grub-core/script/lexer.c -@@ -24,6 +24,7 @@ - #include <grub/mm.h> - #include <grub/script_sh.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - #define yytext_ptr char * - #include "grub_script.tab.h" -@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str) - old = lexer->recording; - if (lexer->recordlen < len) - lexer->recordlen = len; -- lexer->recordlen *= 2; -+ -+ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen)) -+ goto fail; -+ - lexer->recording = grub_realloc (lexer->recording, lexer->recordlen); - if (!lexer->recording) - { -+ fail: - grub_free (old); - lexer->recordpos = 0; - lexer->recordlen = 0; -@@ -130,7 +135,7 @@ int - grub_script_lexer_yywrap (struct grub_parser_param *parserstate, - const char *input) - { -- grub_size_t len = 0; -+ grub_size_t len = 0, sz; - char *p = 0; - char *line = 0; - YY_BUFFER_STATE buffer; -@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate, - } - else if (len && line[len - 1] != '\n') - { -- p = grub_realloc (line, len + 2); -+ if (grub_add (len, 2, &sz)) -+ { -+ grub_free (line); -+ grub_script_yyerror (parserstate, N_("overflow is detected")); -+ return 1; -+ } -+ -+ p = grub_realloc (line, sz); - if (p) - { - p[len++] = '\n'; - p[len] = '\0'; - } -+ else -+ grub_free (line); -+ - line = p; - } - -diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c -index b2e0315..6256e20 100644 ---- a/grub-core/video/bitmap.c -+++ b/grub-core/video/bitmap.c -@@ -23,6 +23,7 @@ - #include <grub/mm.h> - #include <grub/misc.h> - #include <grub/i18n.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, - enum grub_video_blit_format blit_format) - { - struct grub_video_mode_info *mode_info; -- unsigned int size; -+ grub_size_t size; - - if (!bitmap) - return grub_error (GRUB_ERR_BUG, "invalid argument"); -@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, - - mode_info->pitch = width * mode_info->bytes_per_pixel; - -- /* Calculate size needed for the data. */ -- size = (width * mode_info->bytes_per_pixel) * height; -+ /* Calculate size needed for the data. */ -+ if (grub_mul (width, mode_info->bytes_per_pixel, &size) || -+ grub_mul (size, height, &size)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ goto fail; -+ } - - (*bitmap)->data = grub_zalloc (size); - if (! (*bitmap)->data) -- { -- grub_free (*bitmap); -- *bitmap = 0; -- -- return grub_errno; -- } -+ goto fail; - - return GRUB_ERR_NONE; -+ -+ fail: -+ grub_free (*bitmap); -+ *bitmap = NULL; -+ -+ return grub_errno; - } - - /* Frees all resources allocated by bitmap. */ -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 61bd645..0157ff7 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -23,6 +23,7 @@ - #include <grub/mm.h> - #include <grub/misc.h> - #include <grub/bufio.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct grub_png_data *data) - data->bpp <<= 1; - - data->color_bits = color_bits; -- data->row_bytes = data->image_width * data->bpp; -+ -+ if (grub_mul (data->image_width, data->bpp, &data->row_bytes)) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ - if (data->color_bits <= 4) -- data->row_bytes = (data->image_width * data->color_bits + 7) / 8; -+ { -+ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes)) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ -+ data->row_bytes >>= 3; -+ } - - #ifndef GRUB_CPU_WORDS_BIGENDIAN - if (data->is_16bit || data->is_gray || data->is_palette) --- -2.14.4 - diff --git a/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch deleted file mode 100644 index 329e554a68..0000000000 --- a/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch +++ /dev/null @@ -1,117 +0,0 @@ -From c65fc7e75b7b7e880d90766057040011701e97f4 Mon Sep 17 00:00:00 2001 -From: Chris Coulson <chris.coulson@canonical.com> -Date: Fri, 10 Jul 2020 14:41:45 +0100 -Subject: [PATCH 8/9] script: Avoid a use-after-free when redefining a function - during execution - -Defining a new function with the same name as a previously defined -function causes the grub_script and associated resources for the -previous function to be freed. If the previous function is currently -executing when a function with the same name is defined, this results -in use-after-frees when processing subsequent commands in the original -function. - -Instead, reject a new function definition if it has the same name as -a previously defined function, and that function is currently being -executed. Although a behavioural change, this should be backwards -compatible with existing configurations because they can't be -dependent on the current behaviour without being broken. - -Fixes: CVE-2020-15706 - -Signed-off-by: Chris Coulson <chris.coulson@canonical.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2020-15706 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=426f57383d647406ae9c628c472059c27cd6e040 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/script/execute.c | 2 ++ - grub-core/script/function.c | 16 +++++++++++++--- - grub-core/script/parser.y | 3 ++- - include/grub/script_sh.h | 2 ++ - 4 files changed, 19 insertions(+), 4 deletions(-) - -diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index c8d6806..7e028e1 100644 ---- a/grub-core/script/execute.c -+++ b/grub-core/script/execute.c -@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args) - old_scope = scope; - scope = &new_scope; - -+ func->executing++; - ret = grub_script_execute (func->func); -+ func->executing--; - - function_return = 0; - active_loops = loops; -diff --git a/grub-core/script/function.c b/grub-core/script/function.c -index d36655e..3aad04b 100644 ---- a/grub-core/script/function.c -+++ b/grub-core/script/function.c -@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, - func = (grub_script_function_t) grub_malloc (sizeof (*func)); - if (! func) - return 0; -+ func->executing = 0; - - func->name = grub_strdup (functionname_arg->str); - if (! func->name) -@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, - grub_script_function_t q; - - q = *p; -- grub_script_free (q->func); -- q->func = cmd; - grub_free (func); -- func = q; -+ if (q->executing > 0) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("attempt to redefine a function being executed")); -+ func = NULL; -+ } -+ else -+ { -+ grub_script_free (q->func); -+ q->func = cmd; -+ func = q; -+ } - } - else - { -diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y -index 4f0ab83..f80b86b 100644 ---- a/grub-core/script/parser.y -+++ b/grub-core/script/parser.y -@@ -289,7 +289,8 @@ function: "function" "name" - grub_script_mem_free (state->func_mem); - else { - script->children = state->scripts; -- grub_script_function_create ($2, script); -+ if (!grub_script_function_create ($2, script)) -+ grub_script_free (script); - } - - state->scripts = $<scripts>3; -diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h -index b382bcf..6c48e07 100644 ---- a/include/grub/script_sh.h -+++ b/include/grub/script_sh.h -@@ -361,6 +361,8 @@ struct grub_script_function - - /* The next element. */ - struct grub_script_function *next; -+ -+ unsigned executing; - }; - typedef struct grub_script_function *grub_script_function_t; - --- -2.14.4 - diff --git a/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch deleted file mode 100644 index d4f9300c0a..0000000000 --- a/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch +++ /dev/null @@ -1,177 +0,0 @@ -From 68a09a74f6d726d79709847f3671c0a08e4fb5a0 Mon Sep 17 00:00:00 2001 -From: Colin Watson <cjwatson@debian.org> -Date: Sat, 25 Jul 2020 12:15:37 +0100 -Subject: [PATCH 9/9] linux: Fix integer overflows in initrd size handling - -These could be triggered by a crafted filesystem with very large files. - -Fixes: CVE-2020-15707 - -Signed-off-by: Colin Watson <cjwatson@debian.org> -Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -Upstream-Status: Backport -CVE: CVE-2020-15707 - -Reference to upstream patch: -https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10 - -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++------------- - 1 file changed, 54 insertions(+), 20 deletions(-) - -diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c -index 471b214..8c8565a 100644 ---- a/grub-core/loader/linux.c -+++ b/grub-core/loader/linux.c -@@ -4,6 +4,7 @@ - #include <grub/misc.h> - #include <grub/file.h> - #include <grub/mm.h> -+#include <grub/safemath.h> - - struct newc_head - { -@@ -98,13 +99,13 @@ free_dir (struct dir *root) - grub_free (root); - } - --static grub_size_t -+static grub_err_t - insert_dir (const char *name, struct dir **root, -- grub_uint8_t *ptr) -+ grub_uint8_t *ptr, grub_size_t *size) - { - struct dir *cur, **head = root; - const char *cb, *ce = name; -- grub_size_t size = 0; -+ *size = 0; - while (1) - { - for (cb = ce; *cb == '/'; cb++); -@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root, - ptr = make_header (ptr, name, ce - name, - 040777, 0); - } -- size += ALIGN_UP ((ce - (char *) name) -- + sizeof (struct newc_head), 4); -+ if (grub_add (*size, -+ ALIGN_UP ((ce - (char *) name) -+ + sizeof (struct newc_head), 4), -+ size)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ grub_free (n->name); -+ grub_free (n); -+ return grub_errno; -+ } - *head = n; - cur = n; - } - root = &cur->next; - } -- return size; -+ return GRUB_ERR_NONE; - } - - grub_err_t -@@ -173,26 +182,33 @@ grub_initrd_init (int argc, char *argv[], - eptr = grub_strchr (ptr, ':'); - if (eptr) - { -+ grub_size_t dir_size, name_len; -+ - initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); -- if (!initrd_ctx->components[i].newc_name) -+ if (!initrd_ctx->components[i].newc_name || -+ insert_dir (initrd_ctx->components[i].newc_name, &root, 0, -+ &dir_size)) - { - grub_initrd_close (initrd_ctx); - return grub_errno; - } -- initrd_ctx->size -- += ALIGN_UP (sizeof (struct newc_head) -- + grub_strlen (initrd_ctx->components[i].newc_name), -- 4); -- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name, -- &root, 0); -+ name_len = grub_strlen (initrd_ctx->components[i].newc_name); -+ if (grub_add (initrd_ctx->size, -+ ALIGN_UP (sizeof (struct newc_head) + name_len, 4), -+ &initrd_ctx->size) || -+ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size)) -+ goto overflow; - newc = 1; - fname = eptr + 1; - } - } - else if (newc) - { -- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) -- + sizeof ("TRAILER!!!") - 1, 4); -+ if (grub_add (initrd_ctx->size, -+ ALIGN_UP (sizeof (struct newc_head) -+ + sizeof ("TRAILER!!!") - 1, 4), -+ &initrd_ctx->size)) -+ goto overflow; - free_dir (root); - root = 0; - newc = 0; -@@ -208,19 +224,29 @@ grub_initrd_init (int argc, char *argv[], - initrd_ctx->nfiles++; - initrd_ctx->components[i].size - = grub_file_size (initrd_ctx->components[i].file); -- initrd_ctx->size += initrd_ctx->components[i].size; -+ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size, -+ &initrd_ctx->size)) -+ goto overflow; - } - - if (newc) - { - initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); -- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) -- + sizeof ("TRAILER!!!") - 1, 4); -+ if (grub_add (initrd_ctx->size, -+ ALIGN_UP (sizeof (struct newc_head) -+ + sizeof ("TRAILER!!!") - 1, 4), -+ &initrd_ctx->size)) -+ goto overflow; - free_dir (root); - root = 0; - } - - return GRUB_ERR_NONE; -+ -+ overflow: -+ free_dir (root); -+ grub_initrd_close (initrd_ctx); -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); - } - - grub_size_t -@@ -261,8 +287,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, - - if (initrd_ctx->components[i].newc_name) - { -- ptr += insert_dir (initrd_ctx->components[i].newc_name, -- &root, ptr); -+ grub_size_t dir_size; -+ -+ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, -+ &dir_size)) -+ { -+ free_dir (root); -+ grub_initrd_close (initrd_ctx); -+ return grub_errno; -+ } -+ ptr += dir_size; - ptr = make_header (ptr, initrd_ctx->components[i].newc_name, - grub_strlen (initrd_ctx->components[i].newc_name), - 0100777, --- -2.14.4 - diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch new file mode 100644 index 0000000000..7f7bb1acfe --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch @@ -0,0 +1,179 @@ +From e623866d9286410156e8b9d2c82d6253a1b22d08 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Tue, 6 Jul 2021 18:51:35 +1000 +Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap + out-of-bounds write + +A 16-bit greyscale PNG without alpha is processed in the following loop: + + for (i = 0; i < (data->image_width * data->image_height); + i++, d1 += 4, d2 += 2) + { + d1[R3] = d2[1]; + d1[G3] = d2[1]; + d1[B3] = d2[1]; + } + +The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, +but there are only 3 bytes allocated for storage. This means that image +data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes +out of every 4 following the end of the image. + +This has existed since greyscale support was added in 2013 in commit +3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). + +Saving starfield.png as a 16-bit greyscale image without alpha in the gimp +and attempting to load it causes grub-emu to crash - I don't think this code +has ever worked. + +Delete all PNG greyscale support. + +Fixes: CVE-2021-3695 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2021-3695 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e623866d9286410156e8b9d2c82d6253a1b22d08 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/png.c | 87 +++-------------------------------- + 1 file changed, 7 insertions(+), 80 deletions(-) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 35ae553c8..a3161e25b 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -100,7 +100,7 @@ struct grub_png_data + + unsigned image_width, image_height; + int bpp, is_16bit; +- int raw_bytes, is_gray, is_alpha, is_palette; ++ int raw_bytes, is_alpha, is_palette; + int row_bytes, color_bits; + grub_uint8_t *image_data; + +@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp = 3; + else + { +- data->is_gray = 1; +- data->bpp = 1; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: color type not supported"); + } + + if ((color_bits != 8) && (color_bits != 16) + && (color_bits != 4 +- || !(data->is_gray || data->is_palette))) ++ || !data->is_palette)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: bit depth must be 8 or 16"); + +@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN +- if (data->is_16bit || data->is_gray || data->is_palette) ++ if (data->is_16bit || data->is_palette) + #endif + { + data->image_data = grub_calloc (data->image_height, data->row_bytes); +@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) + int shift; + int mask = (1 << data->color_bits) - 1; + unsigned j; +- if (data->is_gray) +- { +- /* Generic formula is +- (0xff * i) / ((1U << data->color_bits) - 1) +- but for allowed bit depth of 1, 2 and for it's +- equivalent to +- (0xff / ((1U << data->color_bits) - 1)) * i +- Precompute the multipliers to avoid division. +- */ +- +- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; +- for (i = 0; i < (1U << data->color_bits); i++) +- { +- grub_uint8_t col = multipliers[data->color_bits] * i; +- palette[i][0] = col; +- palette[i][1] = col; +- palette[i][2] = col; +- } +- } +- else +- grub_memcpy (palette, data->palette, 3 << data->color_bits); ++ ++ grub_memcpy (palette, data->palette, 3 << data->color_bits); + d1c = d1; + d2c = d2; + for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, +@@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data) + return; + } + +- if (data->is_gray) +- { +- switch (data->bpp) +- { +- case 4: +- /* 16-bit gray with alpha. */ +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 4) +- { +- d1[R4] = d2[3]; +- d1[G4] = d2[3]; +- d1[B4] = d2[3]; +- d1[A4] = d2[1]; +- } +- break; +- case 2: +- if (data->is_16bit) +- /* 16-bit gray without alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R3] = d2[1]; +- d1[G3] = d2[1]; +- d1[B3] = d2[1]; +- } +- } +- else +- /* 8-bit gray with alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R4] = d2[1]; +- d1[G4] = d2[1]; +- d1[B4] = d2[1]; +- d1[A4] = d2[0]; +- } +- } +- break; +- /* 8-bit gray without alpha. */ +- case 1: +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 3, d2++) +- { +- d1[R3] = d2[0]; +- d1[G3] = d2[0]; +- d1[B3] = d2[0]; +- } +- break; +- } +- return; +- } +- + { + /* Only copy the upper 8 bit. */ + #ifndef GRUB_CPU_WORDS_BIGENDIAN +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch b/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch new file mode 100644 index 0000000000..f06514e665 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch @@ -0,0 +1,50 @@ +From 210245129c932dc9e1c2748d9d35524fb95b5042 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Tue, 6 Jul 2021 23:25:07 +1000 +Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table + items + +In fuzzing we observed crashes where a code would attempt to be inserted +into a huffman table before the start, leading to a set of heap OOB reads +and writes as table entries with negative indices were shifted around and +the new code written in. + +Catch the case where we would underflow the array and bail. + +Fixes: CVE-2021-3696 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2021-3696 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=210245129c932dc9e1c2748d9d35524fb95b5042 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/png.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index a3161e25b..d7ed5aa6c 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) + for (i = len; i < ht->max_length; i++) + n += ht->maxval[i]; + ++ if (n > ht->num_values) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: out of range inserting huffman table item"); ++ return; ++ } ++ + for (i = 0; i < n; i++) + ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; + +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch b/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch new file mode 100644 index 0000000000..e9fc52df86 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch @@ -0,0 +1,84 @@ +From 22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Wed, 7 Jul 2021 15:38:19 +1000 +Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write + +Certain 1 px wide images caused a wild pointer write in +grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), +we have the following loop: + +for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + +We did not check if vb * width >= hb * nc1. + +On a 64-bit platform, if that turns out to be negative, it will underflow, +be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so +we see data->bitmap_ptr jump, e.g.: + +0x6180_0000_0480 to +0x6181_0000_0498 + ^ + ~--- carry has occurred and this pointer is now far away from + any object. + +On a 32-bit platform, it will decrement the pointer, creating a pointer +that won't crash but will overwrite random data. + +Catch the underflow and error out. + +Fixes: CVE-2021-3697 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2021-3697 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/jpeg.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 579bbe8a4..09596fbf5 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -23,6 +23,7 @@ + #include <grub/mm.h> + #include <grub/misc.h> + #include <grub/bufio.h> ++#include <grub/safemath.h> + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -699,6 +700,7 @@ static grub_err_t + grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; ++ unsigned stride_a, stride_b, stride; + int rst = data->dri; + grub_err_t err = GRUB_ERR_NONE; + +@@ -711,8 +713,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: attempted to decode data before start of stream"); + ++ if (grub_mul(vb, data->image_width, &stride_a) || ++ grub_mul(hb, nc1, &stride_b) || ++ grub_sub(stride_a, stride_b, &stride)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: cannot decode image with these dimensions"); ++ + for (; data->r1 < nr1 && (!data->dri || rst); +- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) ++ data->r1++, data->bitmap_ptr += stride * 3) + for (c1 = 0; c1 < nc1 && (!data->dri || rst); + c1++, rst--, data->bitmap_ptr += hb * 3) + { +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch new file mode 100644 index 0000000000..dae26fd8bb --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch @@ -0,0 +1,49 @@ +From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001 +From: Michael Chang <mchang@suse.com> +Date: Fri, 3 Dec 2021 16:13:28 +0800 +Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg + +The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating +configuration by grub-mkconfig) has inadvertently discarded umask for +creating grub.cfg in the process of running grub-mkconfig. The resulting +wrong permission (0644) would allow unprivileged users to read GRUB +configuration file content. This presents a low confidentiality risk +as grub.cfg may contain non-secured plain-text passwords. + +This patch restores the missing umask and sets the creation file mode +to 0600 preventing unprivileged access. + +Fixes: CVE-2021-3981 + +Signed-off-by: Michael Chang <mchang@suse.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2021-3981 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + util/grub-mkconfig.in | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index c3ea7612e..62335d027 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with + exit 1 + else + # none of the children aborted with error, install the new grub.cfg ++ oldumask=$(umask) ++ umask 077 + cat ${grub_cfg}.new > ${grub_cfg} ++ umask $oldumask + rm -f ${grub_cfg}.new + fi + fi +-- +2.31.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2022-2601.patch b/meta/recipes-bsp/grub/files/CVE-2022-2601.patch new file mode 100644 index 0000000000..727c509694 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-2601.patch @@ -0,0 +1,85 @@ +From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang <zhangboyang.id@gmail.com> +Date: Fri, 5 Aug 2022 01:58:27 +0800 +Subject: [PATCH] font: Fix several integer overflows in + grub_font_construct_glyph() + +This patch fixes several integer overflows in grub_font_construct_glyph(). +Glyphs of invalid size, zero or leading to an overflow, are rejected. +The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() +returns NULL is fixed too. + +Fixes: CVE-2022-2601 + +Reported-by: Zhang Boyang <zhangboyang.id@gmail.com> +Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e] +CVE: CVE-2022-2601 + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> + +--- + grub-core/font/font.c | 29 +++++++++++++++++------------ + 1 file changed, 17 insertions(+), 12 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 876b5b6..0ff5525 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1515,6 +1515,7 @@ grub_font_construct_glyph (grub_font_t hinted_font, + struct grub_video_signed_rect bounds; + static struct grub_font_glyph *glyph = 0; + static grub_size_t max_glyph_size = 0; ++ grub_size_t cur_glyph_size; + + ensure_comb_space (glyph_id); + +@@ -1531,29 +1532,33 @@ grub_font_construct_glyph (grub_font_t hinted_font, + if (!glyph_id->ncomb && !glyph_id->attributes) + return main_glyph; + +- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) ++ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) || ++ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size)) ++ return main_glyph; ++ ++ if (max_glyph_size < cur_glyph_size) + { + grub_free (glyph); +- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2; +- if (max_glyph_size < 8) +- max_glyph_size = 8; +- glyph = grub_malloc (max_glyph_size); ++ if (grub_mul (cur_glyph_size, 2, &max_glyph_size)) ++ max_glyph_size = 0; ++ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL; + } + if (!glyph) + { ++ max_glyph_size = 0; + grub_errno = GRUB_ERR_NONE; + return main_glyph; + } + +- grub_memset (glyph, 0, sizeof (*glyph) +- + (bounds.width * bounds.height +- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT); ++ grub_memset (glyph, 0, cur_glyph_size); + + glyph->font = main_glyph->font; +- glyph->width = bounds.width; +- glyph->height = bounds.height; +- glyph->offset_x = bounds.x; +- glyph->offset_y = bounds.y; ++ if (bounds.width == 0 || bounds.height == 0 || ++ grub_cast (bounds.width, &glyph->width) || ++ grub_cast (bounds.height, &glyph->height) || ++ grub_cast (bounds.x, &glyph->offset_x) || ++ grub_cast (bounds.y, &glyph->offset_y)) ++ return main_glyph; + + if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR) + grub_font_blit_glyph_mirror (glyph, main_glyph, diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch b/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch new file mode 100644 index 0000000000..8bf9090f94 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch @@ -0,0 +1,63 @@ +From 3e4817538de828319ba6d59ced2fbb9b5ca13287 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Mon, 20 Dec 2021 19:41:21 +1100 +Subject: [PATCH] net/ip: Do IP fragment maths safely + +We can receive packets with invalid IP fragmentation information. This +can lead to rsm->total_len underflowing and becoming very large. + +Then, in grub_netbuff_alloc(), we add to this very large number, which can +cause it to overflow and wrap back around to a small positive number. +The allocation then succeeds, but the resulting buffer is too small and +subsequent operations can write past the end of the buffer. + +Catch the underflow here. + +Fixes: CVE-2022-28733 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2022-28733 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> + +--- + grub-core/net/ip.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index e3d62e97f..3c3d0be0e 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -25,6 +25,7 @@ + #include <grub/net/netbuff.h> + #include <grub/mm.h> + #include <grub/priority_queue.h> ++#include <grub/safemath.h> + #include <grub/time.h> + + struct iphdr { +@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, + { + rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) + + (nb->tail - nb->data)); +- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); ++ ++ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), ++ &rsm->total_len)) ++ { ++ grub_dprintf ("net", "IP reassembly size underflow\n"); ++ return GRUB_ERR_NONE; ++ } ++ + rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); + if (!rsm->asm_netbuff) + { +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch new file mode 100644 index 0000000000..f31167d315 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch @@ -0,0 +1,58 @@ +From b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Tue, 8 Mar 2022 19:04:40 +1100 +Subject: [PATCH] net/http: Error out on headers with LF without CR + +In a similar vein to the previous patch, parse_line() would write +a NUL byte past the end of the buffer if there was an HTTP header +with a LF rather than a CRLF. + +RFC-2616 says: + + Many HTTP/1.1 header field values consist of words separated by LWS + or special characters. These special characters MUST be in a quoted + string to be used within a parameter value (as defined in section 3.6). + +We don't support quoted sections or continuation lines, etc. + +If we see an LF that's not part of a CRLF, bail out. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2022-28734 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/net/http.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 33a0a28c4..9291a13e2 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + char *end = ptr + len; + while (end > ptr && *(end - 1) == '\r') + end--; ++ ++ /* LF without CR. */ ++ if (end == ptr + len) ++ { ++ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); ++ return GRUB_ERR_NONE; ++ } + *end = 0; ++ + /* Trailing CRLF. */ + if (data->in_chunk_len == 1) + { +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch new file mode 100644 index 0000000000..e0ca1eec44 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch @@ -0,0 +1,56 @@ +From ec6bfd3237394c1c7dbf2fd73417173318d22f4b Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Tue, 8 Mar 2022 18:17:03 +1100 +Subject: [PATCH] net/http: Fix OOB write for split http headers + +GRUB has special code for handling an http header that is split +across two packets. + +The code tracks the end of line by looking for a "\n" byte. The +code for split headers has always advanced the pointer just past the +end of the line, whereas the code that handles unsplit headers does +not advance the pointer. This extra advance causes the length to be +one greater, which breaks an assumption in parse_line(), leading to +it writing a NUL byte one byte past the end of the buffer where we +reconstruct the line from the two packets. + +It's conceivable that an attacker controlled set of packets could +cause this to zero out the first byte of the "next" pointer of the +grub_mm_region structure following the current_line buffer. + +Do not advance the pointer in the split header case. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2022-28734 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/net/http.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index f8d7bf0cd..33a0a28c4 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -190,9 +190,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), + int have_line = 1; + char *t; + ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); +- if (ptr) +- ptr++; +- else ++ if (ptr == NULL) + { + have_line = 0; + ptr = (char *) nb->tail; +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch new file mode 100644 index 0000000000..7a59f10bfb --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch @@ -0,0 +1,111 @@ +From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode <julian.klode@canonical.com> +Date: Thu, 2 Dec 2021 15:03:53 +0100 +Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock + verifier + +We must not allow other verifiers to pass things like the GRUB modules. +Instead of maintaining a blocklist, maintain an allowlist of things +that we do not care about. + +This allowlist really should be made reusable, and shared by the +lockdown verifier, but this is the minimal patch addressing +security concerns where the TPM verifier was able to mark modules +as verified (or the OpenPGP verifier for that matter), when it +should not do so on shim-powered secure boot systems. + +Fixes: CVE-2022-28735 + +Signed-off-by: Julian Andres Klode <julian.klode@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE:CVE-2022-28735 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53 + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++--- + include/grub/verify.h | 1 + + 2 files changed, 37 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c +index c52ec6226..89c4bb3fd 100644 +--- a/grub-core/kern/efi/sb.c ++++ b/grub-core/kern/efi/sb.c +@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), + void **context __attribute__ ((unused)), + enum grub_verify_flags *flags) + { +- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ *flags = GRUB_VERIFY_FLAGS_NONE; + + switch (type & GRUB_FILE_TYPE_MASK) + { ++ /* Files we check. */ + case GRUB_FILE_TYPE_LINUX_KERNEL: + case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: + case GRUB_FILE_TYPE_BSD_KERNEL: +@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), + case GRUB_FILE_TYPE_PLAN9_KERNEL: + case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: + *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; ++ return GRUB_ERR_NONE; + +- /* Fall through. */ ++ /* Files that do not affect secureboot state. */ ++ case GRUB_FILE_TYPE_NONE: ++ case GRUB_FILE_TYPE_LOOPBACK: ++ case GRUB_FILE_TYPE_LINUX_INITRD: ++ case GRUB_FILE_TYPE_OPENBSD_RAMDISK: ++ case GRUB_FILE_TYPE_XNU_RAMDISK: ++ case GRUB_FILE_TYPE_SIGNATURE: ++ case GRUB_FILE_TYPE_PUBLIC_KEY: ++ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST: ++ case GRUB_FILE_TYPE_PRINT_BLOCKLIST: ++ case GRUB_FILE_TYPE_TESTLOAD: ++ case GRUB_FILE_TYPE_GET_SIZE: ++ case GRUB_FILE_TYPE_FONT: ++ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY: ++ case GRUB_FILE_TYPE_CAT: ++ case GRUB_FILE_TYPE_HEXCAT: ++ case GRUB_FILE_TYPE_CMP: ++ case GRUB_FILE_TYPE_HASHLIST: ++ case GRUB_FILE_TYPE_TO_HASH: ++ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT: ++ case GRUB_FILE_TYPE_PIXMAP: ++ case GRUB_FILE_TYPE_GRUB_MODULE_LIST: ++ case GRUB_FILE_TYPE_CONFIG: ++ case GRUB_FILE_TYPE_THEME: ++ case GRUB_FILE_TYPE_GETTEXT_CATALOG: ++ case GRUB_FILE_TYPE_FS_SEARCH: ++ case GRUB_FILE_TYPE_LOADENV: ++ case GRUB_FILE_TYPE_SAVEENV: ++ case GRUB_FILE_TYPE_VERIFY_SIGNATURE: ++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ return GRUB_ERR_NONE; + ++ /* Other files. */ + default: +- return GRUB_ERR_NONE; ++ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy")); + } + } + +diff --git a/include/grub/verify.h b/include/grub/verify.h +index cd129c398..672ae1692 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -24,6 +24,7 @@ + + enum grub_verify_flags + { ++ GRUB_VERIFY_FLAGS_NONE = 0, + GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, + GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, + /* Defer verification to another authority. */ +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch new file mode 100644 index 0000000000..5741e53f42 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch @@ -0,0 +1,86 @@ +From 04c86e0bb7b58fc2f913f798cdb18934933e532d Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Tue, 5 Apr 2022 11:48:58 +0100 +Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex() + +This ports the EFI chainloader to use grub_loader_set_ex() in order to fix +a use-after-free bug that occurs when grub_cmd_chainloader() is executed +more than once before a boot attempt is performed. + +Fixes: CVE-2022-28736 + +Signed-off-by: Chris Coulson <chris.coulson@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport +CVE: CVE-2022-28736 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + grub-core/loader/efi/chainloader.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index d1602c89b..7557eb269 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -44,11 +44,10 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_handle_t image_handle; +- + static grub_err_t +-grub_chainloader_unload (void) ++grub_chainloader_unload (void *context) + { ++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; + grub_efi_loaded_image_t *loaded_image; + grub_efi_boot_services_t *b; + +@@ -64,8 +63,9 @@ grub_chainloader_unload (void) + } + + static grub_err_t +-grub_chainloader_boot (void) ++grub_chainloader_boot (void *context) + { ++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context; + grub_efi_boot_services_t *b; + grub_efi_status_t status; + grub_efi_uintn_t exit_data_size; +@@ -225,6 +225,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_physical_address_t address = 0; + grub_efi_uintn_t pages = 0; + grub_efi_char16_t *cmdline = NULL; ++ grub_efi_handle_t image_handle = NULL; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -405,7 +406,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + efi_call_2 (b->free_pages, address, pages); + grub_free (file_path); + +- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); ++ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); + return 0; + + fail: +@@ -423,10 +424,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + efi_call_2 (b->free_pages, address, pages); + + if (image_handle != NULL) +- { +- efi_call_1 (b->unload_image, image_handle); +- image_handle = NULL; +- } ++ efi_call_1 (b->unload_image, image_handle); + + grub_dl_unref (my_mod); + +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2022-3775.patch b/meta/recipes-bsp/grub/files/CVE-2022-3775.patch new file mode 100644 index 0000000000..853efd0486 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-3775.patch @@ -0,0 +1,95 @@ +From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang <zhangboyang.id@gmail.com> +Date: Mon, 24 Oct 2022 08:05:35 +0800 +Subject: [PATCH] font: Fix an integer underflow in blit_comb() + +The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may +evaluate to a very big invalid value even if both ctx.bounds.height and +combining_glyphs[i]->height are small integers. For example, if +ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this +expression evaluates to 2147483647 (expected -1). This is because +coordinates are allowed to be negative but ctx.bounds.height is an +unsigned int. So, the subtraction operates on unsigned ints and +underflows to a very big value. The division makes things even worse. +The quotient is still an invalid value even if converted back to int. + +This patch fixes the problem by casting ctx.bounds.height to int. As +a result the subtraction will operate on int and grub_uint16_t which +will be promoted to an int. So, the underflow will no longer happen. Other +uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, +to ensure coordinates are always calculated on signed integers. + +Fixes: CVE-2022-3775 + +Reported-by: Daniel Axtens <dja@axtens.net> +Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af] +CVE: CVE-2022-3775 + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> + +--- + grub-core/font/font.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 0ff5525..7b1cbde 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1206,12 +1206,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + ctx.bounds.height = main_glyph->height; + + above_rightx = main_glyph->offset_x + main_glyph->width; +- above_righty = ctx.bounds.y + ctx.bounds.height; ++ above_righty = ctx.bounds.y + (int) ctx.bounds.height; + + above_leftx = main_glyph->offset_x; +- above_lefty = ctx.bounds.y + ctx.bounds.height; ++ above_lefty = ctx.bounds.y + (int) ctx.bounds.height; + +- below_rightx = ctx.bounds.x + ctx.bounds.width; ++ below_rightx = ctx.bounds.x + (int) ctx.bounds.width; + below_righty = ctx.bounds.y; + + comb = grub_unicode_get_comb (glyph_id); +@@ -1224,7 +1224,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + if (!combining_glyphs[i]) + continue; +- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; ++ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; + /* CGJ is to avoid diacritics reordering. */ + if (comb[i].code + == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER) +@@ -1234,8 +1234,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + case GRUB_UNICODE_COMB_OVERLAY: + do_blit (combining_glyphs[i], + targetx, +- (ctx.bounds.height - combining_glyphs[i]->height) / 2 +- - (ctx.bounds.height + ctx.bounds.y), &ctx); ++ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2 ++ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; + break; +@@ -1308,7 +1308,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + /* Fallthrough. */ + case GRUB_UNICODE_STACK_ATTACHED_ABOVE: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height + ctx.bounds.y + space ++ -((int) ctx.bounds.height + ctx.bounds.y + space + + combining_glyphs[i]->height), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; +@@ -1316,7 +1316,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + case GRUB_UNICODE_COMB_HEBREW_DAGESH: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height / 2 + ctx.bounds.y ++ -((int) ctx.bounds.height / 2 + ctx.bounds.y + + combining_glyphs[i]->height / 2), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; diff --git a/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch b/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch index faa7fde232..1323a54a59 100644 --- a/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch +++ b/meta/recipes-bsp/grub/files/autogen.sh-exclude-pc.patch @@ -1,6 +1,6 @@ -From 72c30928d3d461e0e2d20c5ff33bd96b6991d585 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Sat, 25 Jan 2014 23:49:44 -0500 +From 8790aa8bea736f52341a0430ff3e317d3be0f99b Mon Sep 17 00:00:00 2001 +From: Naveen Saini <naveen.kumar.saini@intel.com> +Date: Mon, 15 Mar 2021 14:44:15 +0800 Subject: [PATCH] autogen.sh: exclude .pc from po/POTFILES.in Exclude the .pc from po/POTFILES.in since quilt uses "patch --backup", @@ -13,23 +13,24 @@ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> --- autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autogen.sh b/autogen.sh -index ef43270..a7067a7 100755 +index 31b0ced7e..c63ae766c 100755 --- a/autogen.sh +++ b/autogen.sh @@ -13,7 +13,7 @@ fi export LC_COLLATE=C unset LC_ALL --find . -iname '*.[ch]' ! -ipath './grub-core/lib/libgcrypt-grub/*' ! -ipath './build-aux/*' ! -ipath './grub-core/lib/libgcrypt/src/misc.c' ! -ipath './grub-core/lib/libgcrypt/src/global.c' ! -ipath './grub-core/lib/libgcrypt/src/secmem.c' ! -ipath './util/grub-gen-widthspec.c' ! -ipath './util/grub-gen-asciih.c' ! -ipath './gnulib/*' ! -iname './grub-core/lib/gnulib/*' |sort > po/POTFILES.in -+find . -iname '*.[ch]' ! -ipath './grub-core/lib/libgcrypt-grub/*' ! -ipath './build-aux/*' ! -ipath './grub-core/lib/libgcrypt/src/misc.c' ! -ipath './grub-core/lib/libgcrypt/src/global.c' ! -ipath './grub-core/lib/libgcrypt/src/secmem.c' ! -ipath './util/grub-gen-widthspec.c' ! -ipath './util/grub-gen-asciih.c' ! -ipath './gnulib/*' ! -iname './grub-core/lib/gnulib/*' ! -path './.pc/*' |sort > po/POTFILES.in +-find . -iname '*.[ch]' ! -ipath './grub-core/lib/libgcrypt-grub/*' ! -ipath './build-aux/*' ! -ipath './grub-core/lib/libgcrypt/src/misc.c' ! -ipath './grub-core/lib/libgcrypt/src/global.c' ! -ipath './grub-core/lib/libgcrypt/src/secmem.c' ! -ipath './util/grub-gen-widthspec.c' ! -ipath './util/grub-gen-asciih.c' ! -ipath './gnulib/*' ! -ipath './grub-core/lib/gnulib/*' |sort > po/POTFILES.in ++find . -iname '*.[ch]' ! -ipath './grub-core/lib/libgcrypt-grub/*' ! -ipath './build-aux/*' ! -ipath './grub-core/lib/libgcrypt/src/misc.c' ! -ipath './grub-core/lib/libgcrypt/src/global.c' ! -ipath './grub-core/lib/libgcrypt/src/secmem.c' ! -ipath './util/grub-gen-widthspec.c' ! -ipath './util/grub-gen-asciih.c' ! -ipath './gnulib/*' ! -ipath './grub-core/lib/gnulib/*' ! -path './.pc/*' |sort > po/POTFILES.in find util -iname '*.in' ! -name Makefile.in |sort > po/POTFILES-shell.in echo "Importing unicode..." -- -2.7.4 +2.17.1 diff --git a/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch deleted file mode 100644 index c9536e68ef..0000000000 --- a/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch +++ /dev/null @@ -1,246 +0,0 @@ -From c005f62f5c4b26a77b916c8f76a852324439ecb3 Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Mon, 15 Jun 2020 12:15:29 -0400 -Subject: [PATCH 2/9] calloc: Make sure we always have an overflow-checking - calloc() available - -This tries to make sure that everywhere in this source tree, we always have -an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.) -available, and that they all safely check for overflow and return NULL when -it would occur. - -Upstream-Status: Backport [commit 64e26162ebfe68317c143ca5ec996c892019f8f8 -from https://git.savannah.gnu.org/git/grub.git] - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/kern/emu/misc.c | 12 ++++++++++++ - grub-core/kern/emu/mm.c | 10 ++++++++++ - grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++++++++++ - grub-core/lib/libgcrypt_wrap/mem.c | 11 +++++++++-- - grub-core/lib/posix_wrap/stdlib.h | 8 +++++++- - include/grub/emu/misc.h | 1 + - include/grub/mm.h | 6 ++++++ - 7 files changed, 85 insertions(+), 3 deletions(-) - -diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index 65db79b..dfd8a8e 100644 ---- a/grub-core/kern/emu/misc.c -+++ b/grub-core/kern/emu/misc.c -@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...) - exit (1); - } - -+void * -+xcalloc (grub_size_t nmemb, grub_size_t size) -+{ -+ void *p; -+ -+ p = calloc (nmemb, size); -+ if (!p) -+ grub_util_error ("%s", _("out of memory")); -+ -+ return p; -+} -+ - void * - xmalloc (grub_size_t size) - { -diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c -index f262e95..145b01d 100644 ---- a/grub-core/kern/emu/mm.c -+++ b/grub-core/kern/emu/mm.c -@@ -25,6 +25,16 @@ - #include <string.h> - #include <grub/i18n.h> - -+void * -+grub_calloc (grub_size_t nmemb, grub_size_t size) -+{ -+ void *ret; -+ ret = calloc (nmemb, size); -+ if (!ret) -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ return ret; -+} -+ - void * - grub_malloc (grub_size_t size) - { -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index ee88ff6..f2822a8 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -67,8 +67,10 @@ - #include <grub/dl.h> - #include <grub/i18n.h> - #include <grub/mm_private.h> -+#include <grub/safemath.h> - - #ifdef MM_DEBUG -+# undef grub_calloc - # undef grub_malloc - # undef grub_zalloc - # undef grub_realloc -@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size) - return 0; - } - -+/* -+ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on -+ * integer overflow. -+ */ -+void * -+grub_calloc (grub_size_t nmemb, grub_size_t size) -+{ -+ void *ret; -+ grub_size_t sz = 0; -+ -+ if (grub_mul (nmemb, size, &sz)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ return NULL; -+ } -+ -+ ret = grub_memalign (0, sz); -+ if (!ret) -+ return NULL; -+ -+ grub_memset (ret, 0, sz); -+ return ret; -+} -+ - /* Allocate SIZE bytes and return the pointer. */ - void * - grub_malloc (grub_size_t size) -@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno) - grub_printf ("\n"); - } - -+void * -+grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size) -+{ -+ void *ptr; -+ -+ if (grub_mm_debug) -+ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", -+ file, line, size); -+ ptr = grub_calloc (nmemb, size); -+ if (grub_mm_debug) -+ grub_printf ("%p\n", ptr); -+ return ptr; -+} -+ - void * - grub_debug_malloc (const char *file, int line, grub_size_t size) - { -diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c -index beeb661..74c6eaf 100644 ---- a/grub-core/lib/libgcrypt_wrap/mem.c -+++ b/grub-core/lib/libgcrypt_wrap/mem.c -@@ -4,6 +4,7 @@ - #include <grub/crypto.h> - #include <grub/dl.h> - #include <grub/env.h> -+#include <grub/safemath.h> - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -36,7 +37,10 @@ void * - gcry_xcalloc (size_t n, size_t m) - { - void *ret; -- ret = grub_zalloc (n * m); -+ size_t sz; -+ if (grub_mul (n, m, &sz)) -+ grub_fatal ("gcry_xcalloc would overflow"); -+ ret = grub_zalloc (sz); - if (!ret) - grub_fatal ("gcry_xcalloc failed"); - return ret; -@@ -56,7 +60,10 @@ void * - gcry_xcalloc_secure (size_t n, size_t m) - { - void *ret; -- ret = grub_zalloc (n * m); -+ size_t sz; -+ if (grub_mul (n, m, &sz)) -+ grub_fatal ("gcry_xcalloc would overflow"); -+ ret = grub_zalloc (sz); - if (!ret) - grub_fatal ("gcry_xcalloc failed"); - return ret; -diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h -index 3b46f47..7a8d385 100644 ---- a/grub-core/lib/posix_wrap/stdlib.h -+++ b/grub-core/lib/posix_wrap/stdlib.h -@@ -21,6 +21,7 @@ - - #include <grub/mm.h> - #include <grub/misc.h> -+#include <grub/safemath.h> - - static inline void - free (void *ptr) -@@ -37,7 +38,12 @@ malloc (grub_size_t size) - static inline void * - calloc (grub_size_t size, grub_size_t nelem) - { -- return grub_zalloc (size * nelem); -+ grub_size_t sz; -+ -+ if (grub_mul (size, nelem, &sz)) -+ return NULL; -+ -+ return grub_zalloc (sz); - } - - static inline void * -diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h -index ce464cf..ff9c48a 100644 ---- a/include/grub/emu/misc.h -+++ b/include/grub/emu/misc.h -@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev); - #define GRUB_HOST_PRIuLONG_LONG "llu" - #define GRUB_HOST_PRIxLONG_LONG "llx" - -+void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT; - void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT; - void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; - char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; -diff --git a/include/grub/mm.h b/include/grub/mm.h -index 28e2e53..9c38dd3 100644 ---- a/include/grub/mm.h -+++ b/include/grub/mm.h -@@ -29,6 +29,7 @@ - #endif - - void grub_mm_init_region (void *addr, grub_size_t size); -+void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); - void *EXPORT_FUNC(grub_malloc) (grub_size_t size); - void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); - void EXPORT_FUNC(grub_free) (void *ptr); -@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug); - void grub_mm_dump_free (void); - void grub_mm_dump (unsigned lineno); - -+#define grub_calloc(nmemb, size) \ -+ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size) -+ - #define grub_malloc(size) \ - grub_debug_malloc (GRUB_FILE, __LINE__, size) - -@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno); - #define grub_free(ptr) \ - grub_debug_free (GRUB_FILE, __LINE__, ptr) - -+void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line, -+ grub_size_t nmemb, grub_size_t size); - void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line, - grub_size_t size); - void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line, --- -2.14.4 - diff --git a/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch b/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch new file mode 100644 index 0000000000..a2c0530f04 --- /dev/null +++ b/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch @@ -0,0 +1,168 @@ +From 14ceb3b3ff6db664649138442b6562c114dcf56e Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Tue, 5 Apr 2022 10:58:28 +0100 +Subject: [PATCH] commands/boot: Add API to pass context to loader + +Loaders rely on global variables for saving context which is consumed +in the boot hook and freed in the unload hook. In the case where a loader +command is executed twice, calling grub_loader_set() a second time executes +the unload hook, but in some cases this runs when the loader's global +context has already been updated, resulting in the updated context being +freed and potential use-after-free bugs when the boot hook is subsequently +called. + +This adds a new API, grub_loader_set_ex(), which allows a loader to specify +context that is passed to its boot and unload hooks. This is an alternative +to requiring that loaders call grub_loader_unset() before mutating their +global context. + +Signed-off-by: Chris Coulson <chris.coulson@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=14ceb3b3ff6db664649138442b6562c114dcf56e + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++++++++++----- + include/grub/loader.h | 5 +++ + 2 files changed, 63 insertions(+), 8 deletions(-) + +diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c +index bbca81e94..61514788e 100644 +--- a/grub-core/commands/boot.c ++++ b/grub-core/commands/boot.c +@@ -27,10 +27,20 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-static grub_err_t (*grub_loader_boot_func) (void); +-static grub_err_t (*grub_loader_unload_func) (void); ++static grub_err_t (*grub_loader_boot_func) (void *context); ++static grub_err_t (*grub_loader_unload_func) (void *context); ++static void *grub_loader_context; + static int grub_loader_flags; + ++struct grub_simple_loader_hooks ++{ ++ grub_err_t (*boot) (void); ++ grub_err_t (*unload) (void); ++}; ++ ++/* Don't heap allocate this to avoid making grub_loader_set() fallible. */ ++static struct grub_simple_loader_hooks simple_loader_hooks; ++ + struct grub_preboot + { + grub_err_t (*preboot_func) (int); +@@ -44,6 +54,29 @@ static int grub_loader_loaded; + static struct grub_preboot *preboots_head = 0, + *preboots_tail = 0; + ++static grub_err_t ++grub_simple_boot_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ return hooks->boot (); ++} ++ ++static grub_err_t ++grub_simple_unload_hook (void *context) ++{ ++ struct grub_simple_loader_hooks *hooks; ++ grub_err_t ret; ++ ++ hooks = (struct grub_simple_loader_hooks *) context; ++ ++ ret = hooks->unload (); ++ grub_memset (hooks, 0, sizeof (*hooks)); ++ ++ return ret; ++} ++ + int + grub_loader_is_loaded (void) + { +@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) + } + + void +-grub_loader_set (grub_err_t (*boot) (void), +- grub_err_t (*unload) (void), +- int flags) ++grub_loader_set_ex (grub_err_t (*boot) (void *context), ++ grub_err_t (*unload) (void *context), ++ void *context, ++ int flags) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = boot; + grub_loader_unload_func = unload; ++ grub_loader_context = context; + grub_loader_flags = flags; + + grub_loader_loaded = 1; + } + ++void ++grub_loader_set (grub_err_t (*boot) (void), ++ grub_err_t (*unload) (void), ++ int flags) ++{ ++ grub_loader_set_ex (grub_simple_boot_hook, ++ grub_simple_unload_hook, ++ &simple_loader_hooks, ++ flags); ++ ++ simple_loader_hooks.boot = boot; ++ simple_loader_hooks.unload = unload; ++} ++ + void + grub_loader_unset(void) + { + if (grub_loader_loaded && grub_loader_unload_func) +- grub_loader_unload_func (); ++ grub_loader_unload_func (grub_loader_context); + + grub_loader_boot_func = 0; + grub_loader_unload_func = 0; ++ grub_loader_context = 0; + + grub_loader_loaded = 0; + } +@@ -158,7 +208,7 @@ grub_loader_boot (void) + return err; + } + } +- err = (grub_loader_boot_func) (); ++ err = (grub_loader_boot_func) (grub_loader_context); + + for (cur = preboots_tail; cur; cur = cur->prev) + if (! err) +diff --git a/include/grub/loader.h b/include/grub/loader.h +index b20864282..97f231054 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), + grub_err_t (*unload) (void), + int flags); + ++void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context), ++ grub_err_t (*unload) (void *context), ++ void *context, ++ int flags); ++ + /* Unset current loader, if any. */ + void EXPORT_FUNC (grub_loader_unset) (void); + +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/determinism.patch b/meta/recipes-bsp/grub/files/determinism.patch index 3c1f562c71..2828e80975 100644 --- a/meta/recipes-bsp/grub/files/determinism.patch +++ b/meta/recipes-bsp/grub/files/determinism.patch @@ -1,6 +1,9 @@ -The output in moddep.lst generated from syminfo.lst using genmoddep.awk is -not deterministic since the order of the dependencies on each line can vary -depending on how awk sorts the values in the array. +From b6f9b3f6fa782807c4a7ec16ee8ef868cdfbf468 Mon Sep 17 00:00:00 2001 +From: Naveen Saini <naveen.kumar.saini@intel.com> +Date: Mon, 15 Mar 2021 14:56:18 +0800 +Subject: [PATCH] The output in moddep.lst generated from syminfo.lst using + genmoddep.awk is not deterministic since the order of the dependencies on + each line can vary depending on how awk sorts the values in the array. Be deterministic in the output by sorting the dependencies on each line. @@ -13,11 +16,29 @@ keys of the dict. Upstream-Status: Pending Richard Purdie <richard.purdie@linuxfoundation.org> +Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> +--- + gentpl.py | 1 + + grub-core/genmoddep.awk | 4 +++- + util/import_unicode.py | 2 +- + 3 files changed, 5 insertions(+), 2 deletions(-) -Index: grub-2.04/grub-core/genmoddep.awk -=================================================================== ---- grub-2.04.orig/grub-core/genmoddep.awk -+++ grub-2.04/grub-core/genmoddep.awk +diff --git a/gentpl.py b/gentpl.py +index c86550d4f..589285192 100644 +--- a/gentpl.py ++++ b/gentpl.py +@@ -568,6 +568,7 @@ def foreach_platform_value(defn, platform, suffix, closure): + for group in RMAP[platform]: + for value in defn.find_all(group + suffix): + r.append(closure(value)) ++ r.sort() + return ''.join(r) + + def platform_conditional(platform, closure): +diff --git a/grub-core/genmoddep.awk b/grub-core/genmoddep.awk +index 04c2863e5..247436392 100644 +--- a/grub-core/genmoddep.awk ++++ b/grub-core/genmoddep.awk @@ -59,7 +59,9 @@ END { } modlist = "" @@ -29,22 +50,10 @@ Index: grub-2.04/grub-core/genmoddep.awk modlist = modlist " " depmod; inverse_dependencies[depmod] = inverse_dependencies[depmod] " " mod depcount[mod]++ -Index: grub-2.04/gentpl.py -=================================================================== ---- grub-2.04.orig/gentpl.py -+++ grub-2.04/gentpl.py -@@ -568,6 +568,7 @@ def foreach_platform_value(defn, platfor - for group in RMAP[platform]: - for value in defn.find_all(group + suffix): - r.append(closure(value)) -+ r.sort() - return ''.join(r) - - def platform_conditional(platform, closure): -Index: grub-2.04/util/import_unicode.py -=================================================================== ---- grub-2.04.orig/util/import_unicode.py -+++ grub-2.04/util/import_unicode.py +diff --git a/util/import_unicode.py b/util/import_unicode.py +index 08f80591e..1f434a069 100644 +--- a/util/import_unicode.py ++++ b/util/import_unicode.py @@ -174,7 +174,7 @@ infile.close () outfile.write ("struct grub_unicode_arabic_shape grub_unicode_arabic_shapes[] = {\n ") @@ -54,3 +63,6 @@ Index: grub-2.04/util/import_unicode.py try: if arabicsubst[x]['join'] == "DUAL": outfile.write ("{0x%x, 0x%x, 0x%x, 0x%x, 0x%x},\n " % (arabicsubst[x][0], arabicsubst[x][1], arabicsubst[x][2], arabicsubst[x][3], arabicsubst[x][4])) +-- +2.17.1 + diff --git a/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch b/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch new file mode 100644 index 0000000000..a43025d425 --- /dev/null +++ b/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch @@ -0,0 +1,129 @@ +From 1469983ebb9674753ad333d37087fb8cb20e1dce Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Tue, 5 Apr 2022 10:02:04 +0100 +Subject: [PATCH] loader/efi/chainloader: Simplify the loader state + +The chainloader command retains the source buffer and device path passed +to LoadImage(), requiring the unload hook passed to grub_loader_set() to +free them. It isn't required to retain this state though - they aren't +required by StartImage() or anything else in the boot hook, so clean them +up before grub_cmd_chainloader() finishes. + +Signed-off-by: Chris Coulson <chris.coulson@canonical.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1469983ebb9674753ad333d37087fb8cb20e1dce + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + grub-core/loader/efi/chainloader.c | 38 +++++++++++++++++------------- + 1 file changed, 21 insertions(+), 17 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 2bd80f4db..d1602c89b 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -44,25 +44,20 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + static grub_dl_t my_mod; + +-static grub_efi_physical_address_t address; +-static grub_efi_uintn_t pages; +-static grub_efi_device_path_t *file_path; + static grub_efi_handle_t image_handle; +-static grub_efi_char16_t *cmdline; + + static grub_err_t + grub_chainloader_unload (void) + { ++ grub_efi_loaded_image_t *loaded_image; + grub_efi_boot_services_t *b; + ++ loaded_image = grub_efi_get_loaded_image (image_handle); ++ if (loaded_image != NULL) ++ grub_free (loaded_image->load_options); ++ + b = grub_efi_system_table->boot_services; + efi_call_1 (b->unload_image, image_handle); +- efi_call_2 (b->free_pages, address, pages); +- +- grub_free (file_path); +- grub_free (cmdline); +- cmdline = 0; +- file_path = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; +@@ -140,7 +135,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + char *dir_start; + char *dir_end; + grub_size_t size; +- grub_efi_device_path_t *d; ++ grub_efi_device_path_t *d, *file_path; + + dir_start = grub_strchr (filename, ')'); + if (! dir_start) +@@ -222,11 +217,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_status_t status; + grub_efi_boot_services_t *b; + grub_device_t dev = 0; +- grub_efi_device_path_t *dp = 0; ++ grub_efi_device_path_t *dp = NULL, *file_path = NULL; + grub_efi_loaded_image_t *loaded_image; + char *filename; + void *boot_image = 0; + grub_efi_handle_t dev_handle = 0; ++ grub_efi_physical_address_t address = 0; ++ grub_efi_uintn_t pages = 0; ++ grub_efi_char16_t *cmdline = NULL; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -234,11 +232,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + grub_dl_ref (my_mod); + +- /* Initialize some global variables. */ +- address = 0; +- image_handle = 0; +- file_path = 0; +- + b = grub_efi_system_table->boot_services; + + file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); +@@ -408,6 +401,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_file_close (file); + grub_device_close (dev); + ++ /* We're finished with the source image buffer and file path now. */ ++ efi_call_2 (b->free_pages, address, pages); ++ grub_free (file_path); ++ + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + return 0; + +@@ -419,11 +416,18 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (file) + grub_file_close (file); + ++ grub_free (cmdline); + grub_free (file_path); + + if (address) + efi_call_2 (b->free_pages, address, pages); + ++ if (image_handle != NULL) ++ { ++ efi_call_1 (b->unload_image, image_handle); ++ image_handle = NULL; ++ } ++ + grub_dl_unref (my_mod); + + return grub_errno; +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch b/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch deleted file mode 100644 index 2b8157f592..0000000000 --- a/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch +++ /dev/null @@ -1,287 +0,0 @@ -From 8eb02bcb5897b238b29ff762402bb0c3028f0eab Mon Sep 17 00:00:00 2001 -From: Michael Chang <mchang@suse.com> -Date: Thu, 19 Mar 2020 13:56:13 +0800 -Subject: [PATCH 3/9] lvm: Add LVM cache logical volume handling - -The LVM cache logical volume is the logical volume consisting of the original -and the cache pool logical volume. The original is usually on a larger and -slower storage device while the cache pool is on a smaller and faster one. The -performance of the original volume can be improved by storing the frequently -used data on the cache pool to utilize the greater performance of faster -device. - -The default cache mode "writethrough" ensures that any data written will be -stored both in the cache and on the origin LV, therefore grub can be straight -to read the original lv as no data loss is guarenteed. - -The second cache mode is "writeback", which delays writing from the cache pool -back to the origin LV to have increased performance. The drawback is potential -data loss if losing the associated cache device. - -During the boot time grub reads the LVM offline i.e. LVM volumes are not -activated and mounted, hence it should be fine to read directly from original -lv since all cached data should have been flushed back in the process of taking -it offline. - -It is also not much helpful to the situation by adding fsync calls to the -install code. The fsync did not force to write back dirty cache to the original -device and rather it would update associated cache metadata to complete the -write transaction with the cache device. IOW the writes to cached blocks still -go only to the cache device. - -To write back dirty cache, as LVM cache did not support dirty cache flush per -block range, there'no way to do it for file. On the other hand the "cleaner" -policy is implemented and can be used to write back "all" dirty blocks in a -cache, which effectively drain all dirty cache gradually to attain and last in -the "clean" state, which can be useful for shrinking or decommissioning a -cache. The result and effect is not what we are looking for here. - -In conclusion, as it seems no way to enforce file writes to the original -device, grub may suffer from power failure as it cannot assemble the cache -device and read the dirty data from it. However since the case is only -applicable to writeback mode which is sensitive to data lost in nature, I'd -still like to propose my (relatively simple) patch and treat reading dirty -cache as improvement. - -Upstream-Status: Backport [commit 0454b0445393aafc5600e92ef0c39494e333b135 -from https://git.savannah.gnu.org/git/grub.git] - -Signed-off-by: Michael Chang <mchang@suse.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - grub-core/disk/lvm.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 190 insertions(+) - -diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c -index 7b265c7..dc6b83b 100644 ---- a/grub-core/disk/lvm.c -+++ b/grub-core/disk/lvm.c -@@ -33,6 +33,14 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - -+struct cache_lv -+{ -+ struct grub_diskfilter_lv *lv; -+ char *cache_pool; -+ char *origin; -+ struct cache_lv *next; -+}; -+ - - /* Go the string STR and return the number after STR. *P will point - at the number. In case STR is not found, *P will be NULL and the -@@ -95,6 +103,34 @@ grub_lvm_check_flag (char *p, const char *str, const char *flag) - } - } - -+static void -+grub_lvm_free_cache_lvs (struct cache_lv *cache_lvs) -+{ -+ struct cache_lv *cache; -+ -+ while ((cache = cache_lvs)) -+ { -+ cache_lvs = cache_lvs->next; -+ -+ if (cache->lv) -+ { -+ unsigned int i; -+ -+ for (i = 0; i < cache->lv->segment_count; ++i) -+ if (cache->lv->segments) -+ grub_free (cache->lv->segments[i].nodes); -+ grub_free (cache->lv->segments); -+ grub_free (cache->lv->fullname); -+ grub_free (cache->lv->idname); -+ grub_free (cache->lv->name); -+ } -+ grub_free (cache->lv); -+ grub_free (cache->origin); -+ grub_free (cache->cache_pool); -+ grub_free (cache); -+ } -+} -+ - static struct grub_diskfilter_vg * - grub_lvm_detect (grub_disk_t disk, - struct grub_diskfilter_pv_id *id, -@@ -242,6 +278,8 @@ grub_lvm_detect (grub_disk_t disk, - - if (! vg) - { -+ struct cache_lv *cache_lvs = NULL; -+ - /* First time we see this volume group. We've to create the - whole volume group structure. */ - vg = grub_malloc (sizeof (*vg)); -@@ -671,6 +709,106 @@ grub_lvm_detect (grub_disk_t disk, - seg->nodes[seg->node_count - 1].name = tmp; - } - } -+ else if (grub_memcmp (p, "cache\"", -+ sizeof ("cache\"") - 1) == 0) -+ { -+ struct cache_lv *cache = NULL; -+ -+ char *p2, *p3; -+ grub_size_t sz; -+ -+ cache = grub_zalloc (sizeof (*cache)); -+ if (!cache) -+ goto cache_lv_fail; -+ cache->lv = grub_zalloc (sizeof (*cache->lv)); -+ if (!cache->lv) -+ goto cache_lv_fail; -+ grub_memcpy (cache->lv, lv, sizeof (*cache->lv)); -+ -+ if (lv->fullname) -+ { -+ cache->lv->fullname = grub_strdup (lv->fullname); -+ if (!cache->lv->fullname) -+ goto cache_lv_fail; -+ } -+ if (lv->idname) -+ { -+ cache->lv->idname = grub_strdup (lv->idname); -+ if (!cache->lv->idname) -+ goto cache_lv_fail; -+ } -+ if (lv->name) -+ { -+ cache->lv->name = grub_strdup (lv->name); -+ if (!cache->lv->name) -+ goto cache_lv_fail; -+ } -+ -+ skip_lv = 1; -+ -+ p2 = grub_strstr (p, "cache_pool = \""); -+ if (!p2) -+ goto cache_lv_fail; -+ -+ p2 = grub_strchr (p2, '"'); -+ if (!p2) -+ goto cache_lv_fail; -+ -+ p3 = ++p2; -+ p3 = grub_strchr (p3, '"'); -+ if (!p3) -+ goto cache_lv_fail; -+ -+ sz = p3 - p2; -+ -+ cache->cache_pool = grub_malloc (sz + 1); -+ if (!cache->cache_pool) -+ goto cache_lv_fail; -+ grub_memcpy (cache->cache_pool, p2, sz); -+ cache->cache_pool[sz] = '\0'; -+ -+ p2 = grub_strstr (p, "origin = \""); -+ if (!p2) -+ goto cache_lv_fail; -+ -+ p2 = grub_strchr (p2, '"'); -+ if (!p2) -+ goto cache_lv_fail; -+ -+ p3 = ++p2; -+ p3 = grub_strchr (p3, '"'); -+ if (!p3) -+ goto cache_lv_fail; -+ -+ sz = p3 - p2; -+ -+ cache->origin = grub_malloc (sz + 1); -+ if (!cache->origin) -+ goto cache_lv_fail; -+ grub_memcpy (cache->origin, p2, sz); -+ cache->origin[sz] = '\0'; -+ -+ cache->next = cache_lvs; -+ cache_lvs = cache; -+ break; -+ -+ cache_lv_fail: -+ if (cache) -+ { -+ grub_free (cache->origin); -+ grub_free (cache->cache_pool); -+ if (cache->lv) -+ { -+ grub_free (cache->lv->fullname); -+ grub_free (cache->lv->idname); -+ grub_free (cache->lv->name); -+ } -+ grub_free (cache->lv); -+ grub_free (cache); -+ } -+ grub_lvm_free_cache_lvs (cache_lvs); -+ goto fail4; -+ } - else - { - #ifdef GRUB_UTIL -@@ -747,6 +885,58 @@ grub_lvm_detect (grub_disk_t disk, - } - - } -+ -+ { -+ struct cache_lv *cache; -+ -+ for (cache = cache_lvs; cache; cache = cache->next) -+ { -+ struct grub_diskfilter_lv *lv; -+ -+ for (lv = vg->lvs; lv; lv = lv->next) -+ if (grub_strcmp (lv->name, cache->origin) == 0) -+ break; -+ if (lv) -+ { -+ cache->lv->segments = grub_malloc (lv->segment_count * sizeof (*lv->segments)); -+ if (!cache->lv->segments) -+ { -+ grub_lvm_free_cache_lvs (cache_lvs); -+ goto fail4; -+ } -+ grub_memcpy (cache->lv->segments, lv->segments, lv->segment_count * sizeof (*lv->segments)); -+ -+ for (i = 0; i < lv->segment_count; ++i) -+ { -+ struct grub_diskfilter_node *nodes = lv->segments[i].nodes; -+ grub_size_t node_count = lv->segments[i].node_count; -+ -+ cache->lv->segments[i].nodes = grub_malloc (node_count * sizeof (*nodes)); -+ if (!cache->lv->segments[i].nodes) -+ { -+ for (j = 0; j < i; ++j) -+ grub_free (cache->lv->segments[j].nodes); -+ grub_free (cache->lv->segments); -+ cache->lv->segments = NULL; -+ grub_lvm_free_cache_lvs (cache_lvs); -+ goto fail4; -+ } -+ grub_memcpy (cache->lv->segments[i].nodes, nodes, node_count * sizeof (*nodes)); -+ } -+ -+ if (cache->lv->segments) -+ { -+ cache->lv->segment_count = lv->segment_count; -+ cache->lv->vg = vg; -+ cache->lv->next = vg->lvs; -+ vg->lvs = cache->lv; -+ cache->lv = NULL; -+ } -+ } -+ } -+ } -+ -+ grub_lvm_free_cache_lvs (cache_lvs); - if (grub_diskfilter_vg_register (vg)) - goto fail4; - } --- -2.14.4 - diff --git a/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch deleted file mode 100644 index 29021e8d8f..0000000000 --- a/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 06c361a71c4998635493610e5d76d0d223925251 Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Mon, 15 Jun 2020 10:58:42 -0400 -Subject: [PATCH 5/9] safemath: Add some arithmetic primitives that check for - overflow - -This adds a new header, include/grub/safemath.h, that includes easy to -use wrappers for __builtin_{add,sub,mul}_overflow() declared like: - - bool OP(a, b, res) - -where OP is grub_add, grub_sub or grub_mul. OP() returns true in the -case where the operation would overflow and res is not modified. -Otherwise, false is returned and the operation is executed. - -These arithmetic primitives require newer compiler versions. So, bump -these requirements in the INSTALL file too. - -Upstream-Status: Backport [commit 68708c4503018d61dbcce7ac11cbb511d6425f4d -from https://git.savannah.gnu.org/git/grub.git] - -Signed-off-by: Peter Jones <pjones@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -[YL: omit the change to INSTALL from original patch] -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - include/grub/compiler.h | 8 ++++++++ - include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++ - 2 files changed, 45 insertions(+) - create mode 100644 include/grub/safemath.h - -diff --git a/include/grub/compiler.h b/include/grub/compiler.h -index c9e1d7a..8f3be3a 100644 ---- a/include/grub/compiler.h -+++ b/include/grub/compiler.h -@@ -48,4 +48,12 @@ - # define WARN_UNUSED_RESULT - #endif - -+#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) -+# define CLANG_PREREQ(maj,min) \ -+ ((__clang_major__ > (maj)) || \ -+ (__clang_major__ == (maj) && __clang_minor__ >= (min))) -+#else -+# define CLANG_PREREQ(maj,min) 0 -+#endif -+ - #endif /* ! GRUB_COMPILER_HEADER */ -diff --git a/include/grub/safemath.h b/include/grub/safemath.h -new file mode 100644 -index 0000000..c17b89b ---- /dev/null -+++ b/include/grub/safemath.h -@@ -0,0 +1,37 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>. -+ * -+ * Arithmetic operations that protect against overflow. -+ */ -+ -+#ifndef GRUB_SAFEMATH_H -+#define GRUB_SAFEMATH_H 1 -+ -+#include <grub/compiler.h> -+ -+/* These appear in gcc 5.1 and clang 3.8. */ -+#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) -+ -+#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) -+#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) -+#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) -+ -+#else -+#error gcc 5.1 or newer or clang 3.8 or newer is required -+#endif -+ -+#endif /* GRUB_SAFEMATH_H */ --- -2.14.4 - diff --git a/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch b/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch deleted file mode 100644 index 84a80d5ffd..0000000000 --- a/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e219bad8cee67b2bb21712df8f055706f8da25d2 Mon Sep 17 00:00:00 2001 -From: Chris Coulson <chris.coulson@canonical.com> -Date: Fri, 10 Jul 2020 11:21:14 +0100 -Subject: [PATCH 7/9] script: Remove unused fields from grub_script_function - struct - -Upstream-Status: Backport [commit 1a8d9c9b4ab6df7669b5aa36a56477f297825b96 -from https://git.savannah.gnu.org/git/grub.git] - -Signed-off-by: Chris Coulson <chris.coulson@canonical.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> ---- - include/grub/script_sh.h | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h -index 360c2be..b382bcf 100644 ---- a/include/grub/script_sh.h -+++ b/include/grub/script_sh.h -@@ -359,13 +359,8 @@ struct grub_script_function - /* The script function. */ - struct grub_script *func; - -- /* The flags. */ -- unsigned flags; -- - /* The next element. */ - struct grub_script_function *next; -- -- int references; - }; - typedef struct grub_script_function *grub_script_function_t; - --- -2.14.4 - diff --git a/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch b/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch new file mode 100644 index 0000000000..2db9bcbbc5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch @@ -0,0 +1,693 @@ +From 1f48917d8ddb490dcdc70176e0f58136b7f7811a Mon Sep 17 00:00:00 2001 +From: Elyes Haouas <ehaouas@noos.fr> +Date: Fri, 4 Mar 2022 07:42:13 +0100 +Subject: [PATCH] video: Remove trailing whitespaces + +Signed-off-by: Elyes Haouas <ehaouas@noos.fr> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/bochs.c | 2 +- + grub-core/video/capture.c | 2 +- + grub-core/video/cirrus.c | 4 ++-- + grub-core/video/coreboot/cbfb.c | 2 +- + grub-core/video/efi_gop.c | 22 +++++++++---------- + grub-core/video/fb/fbblit.c | 8 +++---- + grub-core/video/fb/video_fb.c | 10 ++++----- + grub-core/video/i386/pc/vbe.c | 34 ++++++++++++++--------------- + grub-core/video/i386/pc/vga.c | 6 ++--- + grub-core/video/ieee1275.c | 4 ++-- + grub-core/video/radeon_fuloong2e.c | 6 ++--- + grub-core/video/radeon_yeeloong3a.c | 6 ++--- + grub-core/video/readers/png.c | 2 +- + grub-core/video/readers/tga.c | 2 +- + grub-core/video/sis315_init.c | 2 +- + grub-core/video/sis315pro.c | 8 +++---- + grub-core/video/sm712.c | 10 ++++----- + grub-core/video/video.c | 8 +++---- + 18 files changed, 69 insertions(+), 69 deletions(-) + +diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c +index 30ea1bd82..edc651697 100644 +--- a/grub-core/video/bochs.c ++++ b/grub-core/video/bochs.c +@@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + + if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234) + return 0; +- ++ + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); + framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK; + if (!framebuffer.base) +diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c +index 4d3195e01..c653d89f9 100644 +--- a/grub-core/video/capture.c ++++ b/grub-core/video/capture.c +@@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, + framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); + if (!framebuffer.ptr) + return grub_errno; +- ++ + err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target, + &framebuffer.mode_info, + framebuffer.ptr); +diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c +index e2149e8ce..f5542ccdc 100644 +--- a/grub-core/video/cirrus.c ++++ b/grub-core/video/cirrus.c +@@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height, + grub_uint8_t sr_ext = 0, hidden_dac = 0; + + grub_vga_set_geometry (&config, grub_vga_cr_write); +- ++ + grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1, + GRUB_VGA_GR_MODE); + grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6); +- ++ + grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE); + + grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT) +diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c +index 9af81fa5b..986003c51 100644 +--- a/grub-core/video/coreboot/cbfb.c ++++ b/grub-core/video/coreboot/cbfb.c +@@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height, + + grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, + grub_video_fbstd_colors); +- ++ + return err; + } + +diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +index b7590dc6c..7a5054631 100644 +--- a/grub-core/video/efi_gop.c ++++ b/grub-core/video/efi_gop.c +@@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + grub_efi_status_t status; + struct grub_efi_gop_mode_info *info = NULL; + struct grub_video_mode_info mode_info; +- ++ + status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); + + if (status) +@@ -390,7 +390,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + found = 1; + } + } +- ++ + if (!found) + { + unsigned mode; +@@ -399,7 +399,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + { + grub_efi_uintn_t size; + grub_efi_status_t status; +- ++ + status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); + if (status) + { +@@ -472,11 +472,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; + framebuffer.offscreen + = grub_malloc (framebuffer.mode_info.height +- * framebuffer.mode_info.width ++ * framebuffer.mode_info.width + * sizeof (struct grub_efi_gop_blt_pixel)); + + buffer = framebuffer.offscreen; +- ++ + if (!buffer) + { + grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); +@@ -485,11 +485,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + &framebuffer.mode_info); + buffer = framebuffer.ptr; + } +- ++ + grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n", + framebuffer.ptr, framebuffer.mode_info.width, + framebuffer.mode_info.height, framebuffer.mode_info.bpp); +- ++ + err = grub_video_fb_create_render_target_from_pointer + (&framebuffer.render_target, &framebuffer.mode_info, buffer); + +@@ -498,15 +498,15 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + grub_dprintf ("video", "GOP: Couldn't create FB target\n"); + return err; + } +- ++ + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + { + grub_dprintf ("video", "GOP: Couldn't set FB target\n"); + return err; + } +- ++ + err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, + grub_video_fbstd_colors); + +@@ -514,7 +514,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + grub_dprintf ("video", "GOP: Couldn't set palette\n"); + else + grub_dprintf ("video", "GOP: Success\n"); +- ++ + return err; + } + +diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c +index d55924837..1010ef393 100644 +--- a/grub-core/video/fb/fbblit.c ++++ b/grub-core/video/fb/fbblit.c +@@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, + for (i = 0; i < width; i++) + { + register grub_uint32_t col; +- if (*srcptr == 0xf0) ++ if (*srcptr == 0xf0) + col = palette[16]; + else + col = palette[*srcptr & 0xf]; +@@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, + *dstptr++ = col >> 0; + *dstptr++ = col >> 8; + *dstptr++ = col >> 16; +-#endif ++#endif + srcptr++; + } + +@@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, + for (i = 0; i < width; i++) + { + register grub_uint32_t col; +- if (*srcptr != 0xf0) ++ if (*srcptr != 0xf0) + { + col = palette[*srcptr & 0xf]; + #ifdef GRUB_CPU_WORDS_BIGENDIAN +@@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, + *dstptr++ = col >> 0; + *dstptr++ = col >> 8; + *dstptr++ = col >> 16; +-#endif ++#endif + } + else + dstptr += 3; +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index ae6b89f9a..fa4ebde26 100644 +--- a/grub-core/video/fb/video_fb.c ++++ b/grub-core/video/fb/video_fb.c +@@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source, + *alpha = 0; + return; + } +- ++ + /* If we have an out-of-bounds color, return transparent black. */ + if (color > 255) + { +@@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) + /* If everything is aligned on 32-bit use 32-bit copy. */ + if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) + % sizeof (grub_uint32_t) == 0 +- && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) ++ && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) + % sizeof (grub_uint32_t) == 0 + && linelen % sizeof (grub_uint32_t) == 0 + && linedelta % sizeof (grub_uint32_t) == 0) +@@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) + else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) + % sizeof (grub_uint16_t) == 0 + && (grub_addr_t) grub_video_fb_get_video_ptr (&target, +- dst_x, dst_y) ++ dst_x, dst_y) + % sizeof (grub_uint16_t) == 0 + && linelen % sizeof (grub_uint16_t) == 0 + && linedelta % sizeof (grub_uint16_t) == 0) +@@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) + { + grub_uint8_t *src, *dst; + DO_SCROLL +- } ++ } + } + + /* 4. Fill empty space with specified color. In this implementation +@@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask, + framebuffer.render_target = framebuffer.back_target; + return GRUB_ERR_NONE; + } +- ++ + mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED + | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); + +diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c +index b7f911926..0e65b5206 100644 +--- a/grub-core/video/i386/pc/vbe.c ++++ b/grub-core/video/i386/pc/vbe.c +@@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr) + } + + /* Call VESA BIOS 0x4f09 to set palette data, return status. */ +-static grub_vbe_status_t ++static grub_vbe_status_t + grub_vbe_bios_set_palette_data (grub_uint32_t color_count, + grub_uint32_t start_index, + struct grub_vbe_palette_data *palette_data) +@@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count, + } + + /* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) + { + struct grub_bios_int_registers regs; +@@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) + } + + /* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_mode_info (grub_uint32_t mode, + struct grub_vbe_mode_info_block *mode_info) + { +@@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode, + } + + /* Call VESA BIOS 0x4f03 to return current VBE Mode, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_mode (grub_uint32_t *mode) + { + struct grub_bios_int_registers regs; +@@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode) + return regs.eax & 0xffff; + } + +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size) + { + struct grub_bios_int_registers regs; +@@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window, + } + + /* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_set_scanline_length (grub_uint32_t length) + { + struct grub_bios_int_registers regs; +@@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length) + regs.ecx = length; + regs.eax = 0x4f06; + /* BL = 2, Set Scan Line in Bytes. */ +- regs.ebx = 0x0002; ++ regs.ebx = 0x0002; + regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; + grub_bios_interrupt (0x10, ®s); + return regs.eax & 0xffff; + } + + /* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_scanline_length (grub_uint32_t *length) + { + struct grub_bios_int_registers regs; +@@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length) + } + + /* Call VESA BIOS 0x4f07 to set display start, return status. */ +-static grub_vbe_status_t ++static grub_vbe_status_t + grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) + { + struct grub_bios_int_registers regs; +@@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) + regs.edx = y; + regs.eax = 0x4f07; + /* BL = 80h, Set Display Start during Vertical Retrace. */ +- regs.ebx = 0x0080; ++ regs.ebx = 0x0080; + regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; + grub_bios_interrupt (0x10, ®s); + +@@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) + } + + /* Call VESA BIOS 0x4f07 to get display start, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_display_start (grub_uint32_t *x, + grub_uint32_t *y) + { +@@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x, + } + + /* Call VESA BIOS 0x4f0a. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset, + grub_uint16_t *length) + { +@@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode, + case GRUB_VBE_MEMORY_MODEL_YUV: + mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV; + break; +- ++ + case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR: + mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB; + break; +@@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode, + break; + case 8: + mode_info->bytes_per_pixel = 1; +- break; ++ break; + case 4: + mode_info->bytes_per_pixel = 0; +- break; ++ break; + } + + if (controller_info.version >= 0x300) +@@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + + static grub_err_t + grub_video_vbe_setup (unsigned int width, unsigned int height, +- grub_video_mode_type_t mode_type, ++ grub_video_mode_type_t mode_type, + grub_video_mode_type_t mode_mask) + { + grub_uint16_t *p; +@@ -1193,7 +1193,7 @@ grub_video_vbe_print_adapter_specific_info (void) + controller_info.version & 0xFF, + controller_info.oem_software_rev >> 8, + controller_info.oem_software_rev & 0xFF); +- ++ + /* The total_memory field is in 64 KiB units. */ + grub_printf_ (N_(" total memory: %d KiB\n"), + (controller_info.total_memory << 6)); +diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c +index b2f776c99..50d0b5e02 100644 +--- a/grub-core/video/i386/pc/vga.c ++++ b/grub-core/video/i386/pc/vga.c +@@ -48,7 +48,7 @@ static struct + int back_page; + } framebuffer; + +-static unsigned char ++static unsigned char + grub_vga_set_mode (unsigned char mode) + { + struct grub_bios_int_registers regs; +@@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height, + + is_target = 1; + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + return err; +- ++ + err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, + grub_video_fbstd_colors); + +diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c +index f437fb0df..ca3d3c3b2 100644 +--- a/grub-core/video/ieee1275.c ++++ b/grub-core/video/ieee1275.c +@@ -233,7 +233,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, + /* TODO. */ + return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height); + } +- ++ + err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info); + if (err) + { +@@ -260,7 +260,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, + + grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors, + grub_video_fbstd_colors); +- ++ + return err; + } + +diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c +index b4da34b5e..40917acb7 100644 +--- a/grub-core/video/radeon_fuloong2e.c ++++ b/grub-core/video/radeon_fuloong2e.c +@@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != 0x515a1002) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, + framebuffer.mapped = 1; + + /* Prevent garbage from appearing on the screen. */ +- grub_memset (framebuffer.ptr, 0x55, ++ grub_memset (framebuffer.ptr, 0x55, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + + #ifndef TEST +@@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, + return err; + + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + return err; + +diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c +index 52614feb6..48631c181 100644 +--- a/grub-core/video/radeon_yeeloong3a.c ++++ b/grub-core/video/radeon_yeeloong3a.c +@@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != 0x96151002) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, + #endif + + /* Prevent garbage from appearing on the screen. */ +- grub_memset (framebuffer.ptr, 0, ++ grub_memset (framebuffer.ptr, 0, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + + #ifndef TEST +@@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, + return err; + + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + return err; + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 0157ff742..54dfedf43 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data) + } + return; + } +- ++ + if (data->is_gray) + { + switch (data->bpp) +diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c +index 7cb9d1d2a..a9ec3a1b6 100644 +--- a/grub-core/video/readers/tga.c ++++ b/grub-core/video/readers/tga.c +@@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data) + + if (len > sizeof (data->palette)) + len = sizeof (data->palette); +- ++ + if (grub_file_read (data->file, &data->palette, len) + != (grub_ssize_t) len) + return grub_errno; +diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c +index ae5c1419c..09c3c7bbe 100644 +--- a/grub-core/video/sis315_init.c ++++ b/grub-core/video/sis315_init.c +@@ -1,4 +1,4 @@ +-static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = ++static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = + { + { 0x28, 0x81 }, + { 0x2a, 0x00 }, +diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c +index 22a0c85a6..4d2f9999a 100644 +--- a/grub-core/video/sis315pro.c ++++ b/grub-core/video/sis315pro.c +@@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != GRUB_SIS315PRO_PCIID) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, + + #ifndef TEST + /* Prevent garbage from appearing on the screen. */ +- grub_memset (framebuffer.ptr, 0, ++ grub_memset (framebuffer.ptr, 0, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + grub_arch_sync_dma_caches (framebuffer.ptr, + framebuffer.mode_info.height +@@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, + | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 + | GRUB_VGA_IO_MISC_28MHZ + | GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS +- | GRUB_VGA_IO_MISC_COLOR, ++ | GRUB_VGA_IO_MISC_COLOR, + GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE); + + grub_vga_sr_write (0x86, 5); +@@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, + { + if (read_sis_cmd (0x5) != 0xa1) + write_sis_cmd (0x86, 0x5); +- ++ + write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20); + write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e); + +diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c +index 10c46eb65..65f59f84b 100644 +--- a/grub-core/video/sm712.c ++++ b/grub-core/video/sm712.c +@@ -167,7 +167,7 @@ enum + GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46, + GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47, + GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48, +- GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, ++ GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, + GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a, + GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b, + GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c, +@@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != GRUB_SM712_PCIID) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, + + #if !defined (TEST) && !defined(GENINIT) + /* Prevent garbage from appearing on the screen. */ +- grub_memset ((void *) framebuffer.cached_ptr, 0, ++ grub_memset ((void *) framebuffer.cached_ptr, 0, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + #endif + +@@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, + grub_sm712_sr_write (0x2, 0x6b); + grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK); + grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET); +- grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY ++ grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY + | GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY + | GRUB_VGA_IO_MISC_UPPER_64K + | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 +@@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, + for (i = 0; i < ARRAY_SIZE (dda_lookups); i++) + grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda, + dda_lookups[i].vcentering); +- ++ + /* Undocumented */ + grub_sm712_cr_write (0, 0x9c); + grub_sm712_cr_write (0, 0x9d); +diff --git a/grub-core/video/video.c b/grub-core/video/video.c +index 983424107..8937da745 100644 +--- a/grub-core/video/video.c ++++ b/grub-core/video/video.c +@@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) + current_mode); + + param++; +- ++ + *width = grub_strtoul (value, 0, 0); + if (grub_errno != GRUB_ERR_NONE) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("invalid video mode specification `%s'"), + current_mode); +- ++ + /* Find height value. */ + value = param; + param = grub_strchr(param, 'x'); +@@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) + { + /* We have optional color depth value. */ + param++; +- ++ + *height = grub_strtoul (value, 0, 0); + if (grub_errno != GRUB_ERR_NONE) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("invalid video mode specification `%s'"), + current_mode); +- ++ + /* Convert color depth value. */ + value = param; + *depth = grub_strtoul (value, 0, 0); +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch new file mode 100644 index 0000000000..0c7deae858 --- /dev/null +++ b/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch @@ -0,0 +1,264 @@ +From d5caac8ab79d068ad9a41030c772d03a4d4fbd7b Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Mon, 28 Jun 2021 14:16:14 +1000 +Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails + +Fuzzing revealed some inputs that were taking a long time, potentially +forever, because they did not bail quickly upon encountering an I/O error. + +Try to catch I/O errors sooner and bail out. + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/jpeg.c | 86 +++++++++++++++++++++++++++------- + 1 file changed, 70 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index c47ffd651..806c56c78 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -109,9 +109,17 @@ static grub_uint8_t + grub_jpeg_get_byte (struct grub_jpeg_data *data) + { + grub_uint8_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, 1); ++ bytes_read = grub_file_read (data->file, &r, 1); ++ ++ if (bytes_read != 1) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return r; + } +@@ -120,9 +128,17 @@ static grub_uint16_t + grub_jpeg_get_word (struct grub_jpeg_data *data) + { + grub_uint16_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ ++ if (bytes_read != sizeof (grub_uint16_t)) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return grub_be_to_cpu16 (r); + } +@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + if (data->bit_mask == 0) + { + data->bit_save = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: file read error"); ++ return 0; ++ } + if (data->bit_save == JPEG_ESC_CHAR) + { + if (grub_jpeg_get_byte (data) != 0) +@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + "jpeg: invalid 0xFF in data stream"); + return 0; + } ++ if (grub_errno != GRUB_ERR_NONE) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); ++ return 0; ++ } + } + data->bit_mask = 0x80; + } +@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) + return 0; + + msb = value = grub_jpeg_get_bit (data); +- for (i = 1; i < num; i++) ++ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) + value = (value << 1) + (grub_jpeg_get_bit (data) != 0); + if (!msb) + value += 1 - (1 << num); +@@ -208,6 +234,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) + while (data->file->offset + sizeof (count) + 1 <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ac = (id >> 4) & 1; + id &= 0xF; + if (id > 1) +@@ -258,6 +286,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (next_marker > data->file->size) + { +@@ -269,6 +299,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (id >= 0x10) /* Upper 4-bit is precision. */ + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -300,6 +332,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (grub_jpeg_get_byte (data) != 8) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -325,6 +360,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); + + ss = grub_jpeg_get_byte (data); /* Sampling factor. */ ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (!id) + { + grub_uint8_t vs, hs; +@@ -504,7 +541,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) + } + } + +-static void ++static grub_err_t + grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + { + int h1, h2, qt; +@@ -519,6 +556,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + data->dc_value[id] += + grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; + pos = 1; + while (pos < ARRAY_SIZE (data->quan_table[qt])) +@@ -533,11 +573,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + num >>= 4; + pos += num; + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) + { +- grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: invalid position in zigzag order!?"); +- return; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: invalid position in zigzag order!?"); + } + + du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; +@@ -545,6 +587,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + } + + grub_jpeg_idct_transform (du); ++ return GRUB_ERR_NONE; + } + + static void +@@ -603,7 +646,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + data_offset += grub_jpeg_get_word (data); + + cc = grub_jpeg_get_byte (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (cc != 3 && cc != 1) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: component count must be 1 or 3"); +@@ -616,7 +660,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + id = grub_jpeg_get_byte (data) - 1; + if ((id < 0) || (id >= 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ht = grub_jpeg_get_byte (data); + data->comp_index[id][1] = (ht >> 4); + data->comp_index[id][2] = (ht & 0xF) + 2; +@@ -624,11 +669,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || + (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + } + + grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ + grub_jpeg_get_word (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + +@@ -646,6 +694,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; + int rst = data->dri; ++ grub_err_t err = GRUB_ERR_NONE; + + vb = 8 << data->log_vs; + hb = 8 << data->log_hs; +@@ -666,17 +715,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + + for (r2 = 0; r2 < (1U << data->log_vs); r2++) + for (c2 = 0; c2 < (1U << data->log_hs); c2++) +- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ { ++ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ } + + if (data->color_components >= 3) + { +- grub_jpeg_decode_du (data, 1, data->cbdu); +- grub_jpeg_decode_du (data, 2, data->crdu); ++ err = grub_jpeg_decode_du (data, 1, data->cbdu); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ err = grub_jpeg_decode_du (data, 2, data->crdu); ++ if (err != GRUB_ERR_NONE) ++ return err; + } + +- if (grub_errno) +- return grub_errno; +- + nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; + nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; + +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch new file mode 100644 index 0000000000..91ecaad98a --- /dev/null +++ b/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch @@ -0,0 +1,53 @@ +From 166a4d61448f74745afe1dac2f2cfb85d04909bf Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Mon, 28 Jun 2021 14:25:17 +1000 +Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of + streams + +An invalid file could contain multiple start of stream blocks, which +would cause us to reallocate and leak our bitmap. Refuse to handle +multiple start of streams. + +Additionally, fix a grub_error() call formatting. + +Signed-off-by: Daniel Axtens <dja@axtens.net> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf + +Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> +--- + grub-core/video/readers/jpeg.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 2284a6c06..579bbe8a4 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -683,6 +683,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + ++ if (*data->bitmap) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); ++ + if (grub_video_bitmap_create (data->bitmap, data->image_width, + data->image_height, + GRUB_VIDEO_BLIT_FORMAT_RGB_888)) +@@ -705,8 +708,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); + + if (data->bitmap_ptr == NULL) +- return grub_error(GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: attempted to decode data before start of stream"); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempted to decode data before start of stream"); + + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) +-- +2.34.1 + diff --git a/meta/recipes-bsp/grub/grub-bootconf_1.00.bb b/meta/recipes-bsp/grub/grub-bootconf_1.00.bb index 572580313b..783e30bf38 100644 --- a/meta/recipes-bsp/grub/grub-bootconf_1.00.bb +++ b/meta/recipes-bsp/grub/grub-bootconf_1.00.bb @@ -5,7 +5,7 @@ DESCRIPTION = "Grub might require different configuration file for \ different machines." HOMEPAGE = "https://www.gnu.org/software/grub/manual/grub/grub.html#Configuration" -RPROVIDES_${PN} += "virtual/grub-bootconf" +RPROVIDES:${PN} += "virtual-grub-bootconf" inherit grub-efi-cfg @@ -29,4 +29,4 @@ do_install() { install grub-bootconf ${D}${EFI_FILES_PATH}/grub.cfg } -FILES_${PN} = "${EFI_FILES_PATH}/grub.cfg" +FILES:${PN} = "${EFI_FILES_PATH}/grub.cfg" diff --git a/meta/recipes-bsp/grub/grub-efi_2.04.bb b/meta/recipes-bsp/grub/grub-efi_2.06.bb index f80afd95cb..9857e8e036 100644 --- a/meta/recipes-bsp/grub/grub-efi_2.04.bb +++ b/meta/recipes-bsp/grub/grub-efi_2.06.bb @@ -4,8 +4,8 @@ require conf/image-uefi.conf GRUBPLATFORM = "efi" -DEPENDS_append = " grub-native" -RDEPENDS_${PN} = "grub-common virtual/grub-bootconf" +DEPENDS:append = " grub-native" +RDEPENDS:${PN} = "grub-common virtual-grub-bootconf" SRC_URI += " \ file://cfg \ @@ -46,11 +46,21 @@ EXTRA_OECONF += "--enable-efiemu=no" do_mkimage() { cd ${B} + + GRUB_MKIMAGE_MODULES="${GRUB_BUILDIN}" + + # If 'all' is included in GRUB_BUILDIN we will include all available grub2 modules + if [ "${@ bb.utils.contains('GRUB_BUILDIN', 'all', 'True', 'False', d)}" = "True" ]; then + bbdebug 1 "Including all available modules" + # Get the list of all .mod files in grub-core build directory + GRUB_MKIMAGE_MODULES=$(find ${B}/grub-core/ -type f -name "*.mod" -exec basename {} .mod \;) + fi + # Search for the grub.cfg on the local boot media by using the # built in cfg file provided via this recipe - grub-mkimage -c ../cfg -p ${EFIDIR} -d ./grub-core/ \ + grub-mkimage -v -c ../cfg -p ${EFIDIR} -d ./grub-core/ \ -O ${GRUB_TARGET}-efi -o ./${GRUB_IMAGE_PREFIX}${GRUB_IMAGE} \ - ${GRUB_BUILDIN} + ${GRUB_MKIMAGE_MODULES} } addtask mkimage before do_install after do_compile @@ -70,28 +80,26 @@ do_install() { install -m 644 ${B}/${GRUB_IMAGE_PREFIX}${GRUB_IMAGE} ${D}${EFI_FILES_PATH}/${GRUB_IMAGE} } -do_install_append_aarch64() { - rm -rf ${D}/${prefix}/ -} - +# To include all available modules, add 'all' to GRUB_BUILDIN GRUB_BUILDIN ?= "boot linux ext2 fat serial part_msdos part_gpt normal \ efi_gop iso9660 configfile search loadenv test" +# 'xen_boot' is a module valid only for aarch64 +GRUB_BUILDIN:append:aarch64 = "${@bb.utils.contains('DISTRO_FEATURES', 'xen', ' xen_boot', '', d)}" + do_deploy() { install -m 644 ${B}/${GRUB_IMAGE_PREFIX}${GRUB_IMAGE} ${DEPLOYDIR} } addtask deploy after do_install before do_build -FILES_${PN} = "${libdir}/grub/${GRUB_TARGET}-efi \ +FILES:${PN} = "${libdir}/grub/${GRUB_TARGET}-efi \ ${datadir}/grub \ ${EFI_FILES_PATH}/${GRUB_IMAGE} \ " -FILES_${PN}_remove_aarch64 = "${libdir}/grub/${GRUB_TARGET}-efi" - # 64-bit binaries are expected for the bootloader with an x32 userland -INSANE_SKIP_${PN}_append_linux-gnux32 = " arch" -INSANE_SKIP_${PN}-dbg_append_linux-gnux32 = " arch" -INSANE_SKIP_${PN}_append_linux-muslx32 = " arch" -INSANE_SKIP_${PN}-dbg_append_linux-muslx32 = " arch" +INSANE_SKIP:${PN}:append:linux-gnux32 = " arch" +INSANE_SKIP:${PN}-dbg:append:linux-gnux32 = " arch" +INSANE_SKIP:${PN}:append:linux-muslx32 = " arch" +INSANE_SKIP:${PN}-dbg:append:linux-muslx32 = " arch" diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 49c869b5dc..bf7aba6b1c 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -8,7 +8,7 @@ standard, which allows for flexible loading of multiple boot images." HOMEPAGE = "http://www.gnu.org/software/grub/" SECTION = "bootloaders" -LICENSE = "GPLv3" +LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" CVE_PRODUCT = "grub2" @@ -18,37 +18,60 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://autogen.sh-exclude-pc.patch \ file://grub-module-explicitly-keeps-symbole-.module_license.patch \ file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ - file://CVE-2020-10713.patch \ - file://calloc-Make-sure-we-always-have-an-overflow-checking.patch \ - file://lvm-Add-LVM-cache-logical-volume-handling.patch \ - file://CVE-2020-14308-calloc-Use-calloc-at-most-places.patch \ - file://safemath-Add-some-arithmetic-primitives-that-check-f.patch \ - file://CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch \ - file://script-Remove-unused-fields-from-grub_script_functio.patch \ - file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch \ - file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch \ file://determinism.patch \ + file://0001-RISC-V-Restore-the-typcast-to-long.patch \ + file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ + file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ + file://video-Remove-trailing-whitespaces.patch \ + file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \ + file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \ + file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \ + file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \ + file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \ + file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \ + file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \ + file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \ + file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ + file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \ + file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \ + file://loader-efi-chainloader-Simplify-the-loader-state.patch \ + file://commands-boot-Add-API-to-pass-context-to-loader.patch \ + file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch\ + file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \ + file://CVE-2022-2601.patch \ + file://CVE-2022-3775.patch \ " -SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" -SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" + +SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" + +# Applies only to RHEL +CVE_CHECK_IGNORE += "CVE-2019-14865" +# Applies only to SUSE +CVE_CHECK_IGNORE += "CVE-2021-46705" DEPENDS = "flex-native bison-native gettext-native" -COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*|riscv.*)-(linux.*|freebsd.*)' -COMPATIBLE_HOST_armv7a = 'null' -COMPATIBLE_HOST_armv7ve = 'null' +GRUB_COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*|riscv.*)-(linux.*|freebsd.*)' +COMPATIBLE_HOST = "${GRUB_COMPATIBLE_HOST}" +# Grub doesn't support hard float toolchain and won't be able to forcefully +# disable it on some of the target CPUs. See 'configure.ac' for +# supported/unsupported CPUs in hardfp. +COMPATIBLE_HOST:armv7a = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" +COMPATIBLE_HOST:armv7ve = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}" # configure.ac has code to set this automagically from the target tuple # but the OE freeform one (core2-foo-bar-linux) don't work with that. -GRUBPLATFORM_arm = "efi" -GRUBPLATFORM_aarch64 = "efi" -GRUBPLATFORM_riscv32 = "efi" -GRUBPLATFORM_riscv64 = "efi" +GRUBPLATFORM:arm = "efi" +GRUBPLATFORM:aarch64 = "efi" +GRUBPLATFORM:riscv32 = "efi" +GRUBPLATFORM:riscv64 = "efi" GRUBPLATFORM ??= "pc" inherit autotools gettext texinfo pkgconfig +CFLAGS:remove = "-O2" + EXTRA_OECONF = "--with-platform=${GRUBPLATFORM} \ --disable-grub-mkfont \ --program-prefix="" \ @@ -73,7 +96,7 @@ BUILD_LDFLAGS = "" export PYTHON = "python3" -do_configure_prepend() { +do_configure:prepend() { cd ${S} FROM_BOOTSTRAP=1 ${S}/autogen.sh cd ${B} diff --git a/meta/recipes-bsp/grub/grub_2.04.bb b/meta/recipes-bsp/grub/grub_2.04.bb deleted file mode 100644 index f2942b9e37..0000000000 --- a/meta/recipes-bsp/grub/grub_2.04.bb +++ /dev/null @@ -1,38 +0,0 @@ -require grub2.inc - -RDEPENDS_${PN}-common += "${PN}-editenv" -RDEPENDS_${PN} += "${PN}-common" -RDEPENDS_${PN}_class-native = "" - -RPROVIDES_${PN}-editenv += "${PN}-efi-editenv" - -PROVIDES_append_class-native = " grub-efi-native" - -PACKAGES =+ "${PN}-editenv ${PN}-common" -FILES_${PN}-editenv = "${bindir}/grub-editenv" -FILES_${PN}-common = " \ - ${bindir} \ - ${sysconfdir} \ - ${sbindir} \ - ${datadir}/grub \ -" - -FILES_${PN}-common_append_aarch64 = " \ - ${libdir}/${BPN} \ -" - -do_install_append () { - install -d ${D}${sysconfdir}/grub.d - # Remove build host references... - find "${D}" -name modinfo.sh -type f -exec \ - sed -i \ - -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's|${DEBUG_PREFIX_MAP}||g' \ - -e 's:${RECIPE_SYSROOT_NATIVE}::g' \ - {} + -} - -INSANE_SKIP_${PN} = "arch" -INSANE_SKIP_${PN}-dbg = "arch" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-bsp/grub/grub_2.06.bb b/meta/recipes-bsp/grub/grub_2.06.bb new file mode 100644 index 0000000000..05d462785c --- /dev/null +++ b/meta/recipes-bsp/grub/grub_2.06.bb @@ -0,0 +1,41 @@ +require grub2.inc + +RDEPENDS:${PN}-common += "${PN}-editenv" +RDEPENDS:${PN} += "${PN}-common" +RDEPENDS:${PN}:class-native = "" + +RPROVIDES:${PN}-editenv += "${PN}-efi-editenv" + +PROVIDES:append:class-native = " grub-efi-native" + +PACKAGES =+ "${PN}-editenv ${PN}-common" +FILES:${PN}-editenv = "${bindir}/grub-editenv" +FILES:${PN}-common = " \ + ${bindir} \ + ${sysconfdir} \ + ${sbindir} \ + ${datadir}/grub \ +" +ALLOW_EMPTY:${PN} = "1" + +do_install:append () { + # Avoid conflicts with the EFI package for systems such as arm64 where we + # need to build grub and grub-efi but only EFI is supported by removing EFI + # from this package. + rm -rf ${D}${libdir}/grub/*-efi/ + rmdir --ignore-fail-on-non-empty ${D}${libdir}/grub ${D}${libdir} + + install -d ${D}${sysconfdir}/grub.d + # Remove build host references... + find "${D}" -name modinfo.sh -type f -exec \ + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + -e 's:${RECIPE_SYSROOT_NATIVE}::g' \ + {} + +} + +INSANE_SKIP:${PN} = "arch" +INSANE_SKIP:${PN}-dbg = "arch" + +BBCLASSEXTEND = "native nativesdk" |