From 7a2cb0228c2f1b7d95f6be7a751d1074d03e9cb5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 8 Mar 2019 14:16:40 +0100 Subject: [PATCH] boot: avoid 32-bit calculation for a 64-bit lvalue Coverity CID#1399116: > Potentially overflowing expression > gpt_header_buffer.gpt_header.SizeOfPartitionEntry * gpt_header_buffer.gpt_header.NumberOfPartitionEntries > with type unsigned int (32 bits, unsigned) is evaluated using 32-bit > arithmetic, and then used in a context that expects an expression of type > UINTN (64 bits, unsigned). Let's import the ALIGN_TO macro to sd-boot and use it to avoid the issue. --- src/boot/efi/boot.c | 5 ++++- src/boot/efi/util.h | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index ca9ce671d1..7b3e782454 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -2080,8 +2080,11 @@ static VOID config_load_xbootldr( h->NumberOfPartitionEntries > 1024) continue; + if (h->SizeOfPartitionEntry > UINTN_MAX / h->NumberOfPartitionEntries) /* overflow check */ + continue; + /* Now load the GPT entry table */ - sz = ((h->SizeOfPartitionEntry * h->NumberOfPartitionEntries + 511) / 512) * 512; + sz = ALIGN_TO((UINTN) h->SizeOfPartitionEntry * (UINTN) h->NumberOfPartitionEntries, 512); entries = AllocatePool(sz); r = uefi_call_wrapper(block_io->ReadBlocks, 5, diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h index 8c5e35ad25..cef127f400 100644 --- a/src/boot/efi/util.h +++ b/src/boot/efi/util.h @@ -7,6 +7,10 @@ #define ELEMENTSOF(x) (sizeof(x)/sizeof((x)[0])) #define OFFSETOF(x,y) __builtin_offsetof(x,y) +static inline UINTN ALIGN_TO(UINTN l, UINTN ali) { + return ((l + ali - 1) & ~(ali - 1)); +} + static inline const CHAR16 *yes_no(BOOLEAN b) { return b ? L"yes" : L"no"; } -- 2.25.1