Re: [PATCH v3 1/1] mkfont: Fix tainted loop boundary issues with substit

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/1] mkfont: Fix tainted loop boundary issues with substit

From:	Daniel Kiper
Subject:	Re: [PATCH v3 1/1] mkfont: Fix tainted loop boundary issues with substitutions
Date:	Thu, 7 Jul 2022 20:58:14 +0200
User-agent:	NeoMutt/20170113 (1.7.2)

On Thu, Jul 07, 2022 at 03:34:38PM +0000, Darren Kenny wrote:
> With gsub substitutions the offsets should be validated against the
> the number of glyphs in a font face and the memory allocated for the gsub
> substitution data.
>
> Both the number of glyphs and the last address in the allocated data are
> passed in to process_cursive(), where the number of glyphs validates the end
> of the range.
>
> Enabling memory allocation validation uses two macros, one to simply check the
> address against the allocated space, and the other to check that the number of
> items of a given size doesn't extend outside of the allocated space.
>
> Fixes: CID 73770
> Fixes: CID 314040
>
> Signed-off-by: Darren Kenny <darren.kenny@oracle.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v3 1/1] mkfont: Fix tainted loop boundary issues with substitutions, Darren Kenny, 2022/07/07
- Re: [PATCH v3 1/1] mkfont: Fix tainted loop boundary issues with substitutions, Daniel Kiper <=

Prev by Date: Re: [PATCH v2] configure.ac: warn if stack-protector not allowed
Next by Date: [PATCH v3] configure.ac: warn if stack-protector not allowed
Previous by thread: [PATCH v3 1/1] mkfont: Fix tainted loop boundary issues with substitutions
Next by thread: [PATCH v3] configure.ac: warn if stack-protector not allowed
Index(es):
- Date
- Thread