summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2020-12-08 16:59:27 -0800
committerCommit Bot <commit-bot@chromium.org>2020-12-16 00:39:29 +0000
commitaf02768dace900e7e62d6788b4ff81b57b3e0a79 (patch)
tree012e67db92ee97a61df1d6b285f309e862df5446
parentfb25edf13402ef3be8935c7d3dc1416efff49c5b (diff)
downloadvboot-firmware-volteer-13672.81.B.tar.gz
cgptlib: Always zero-initialize GPT entries buffersfirmware-volteer-13672.81.Bfirmware-volteer-13672.47.Bfirmware-volteer-13672.39.B
ClusterFuzz still managed to find cases where we try to CRC a GPT entries buffer that wasn't initialized. Not that that's really an issue or anything... but this patch should shut it up. BRANCH=none BUG=chromium:1155876 TEST=none Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I3d0b4f34693d87b66513f398dd13441aba543c3a Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2580110 Reviewed-by: Joel Kitching <kitching@chromium.org>
Diffstat
-rw-r--r--firmware/lib/gpt_misc.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/firmware/lib/gpt_misc.c b/firmware/lib/gpt_misc.c
index a0b0122c..641ef37b 100644
--- a/firmware/lib/gpt_misc.c
+++ b/firmware/lib/gpt_misc.c
@@ -35,6 +35,11 @@ int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata)
gptdata->primary_entries = (uint8_t *)malloc(GPT_ENTRIES_ALLOC_SIZE);
gptdata->secondary_entries = (uint8_t *)malloc(GPT_ENTRIES_ALLOC_SIZE);
+ /* In some cases we try to validate header1 with entries2 or vice versa,
+ so make sure the entries buffers always got fully initialized. */
+ memset(gptdata->primary_entries, 0, GPT_ENTRIES_ALLOC_SIZE);
+ memset(gptdata->secondary_entries, 0, GPT_ENTRIES_ALLOC_SIZE);
+
if (gptdata->primary_header == NULL ||
gptdata->secondary_header == NULL ||
gptdata->primary_entries == NULL ||
@@ -66,7 +71,6 @@ int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata)
entries_sectors,
gptdata->primary_entries)) {
VB2_DEBUG("Read error in primary GPT entries\n");
- memset(gptdata->primary_entries, 0, entries_bytes);
primary_valid = 0;
}
} else {
@@ -103,7 +107,6 @@ int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata)
entries_sectors,
gptdata->secondary_entries)) {
VB2_DEBUG("Read error in secondary GPT entries\n");
- memset(gptdata->secondary_entries, 0, entries_bytes);
secondary_valid = 0;
}
} else {
View Lorry Controller Status