diff options
| author | Mikhail Ilin <ilin.mikhail.ol@gmail.com> | 2022-11-22 10:33:24 +0300 |
|---|---|---|
| committer | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2022-11-22 11:54:30 +0100 |
| commit | ae182a25f5777f957a2c56539221abcb5648c5c6 (patch) | |
| tree | ddf29b4f6ef1794194768677f4ae79c1715b3b35 /lib/efi_loader/efi_unicode_collation.c | |
| parent | 16e49a14b2af1421cbaeefb9ce8ee863e45fd71b (diff) | |
efi_loader: Fix buffer underflow
If the array index 'i' < 128, the 'codepage' array is accessed using
[-128...-1] in efi_unicode_collation.c:262. This can lead to a buffer
overflow.
Negative index in efi_unicode_collation.c:262.
The index of the 'codepage' array should be c - 0x80 instead of i - 0x80.
Fixes: 0bc4b0da7b59 ("efi_loader: EFI_UNICODE_COLLATION_PROTOCOL")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Diffstat (limited to 'lib/efi_loader/efi_unicode_collation.c')
| -rw-r--r-- | lib/efi_loader/efi_unicode_collation.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/efi_loader/efi_unicode_collation.c b/lib/efi_loader/efi_unicode_collation.c index 36be798f64b..c4c75720634 100644 --- a/lib/efi_loader/efi_unicode_collation.c +++ b/lib/efi_loader/efi_unicode_collation.c @@ -257,7 +257,7 @@ static void EFIAPI efi_fat_to_str(struct efi_unicode_collation_protocol *this, for (i = 0; i < fat_size; ++i) { c = (unsigned char)fat[i]; if (c > 0x80) - c = codepage[i - 0x80]; + c = codepage[c - 0x80]; string[i] = c; if (!c) break; |