git.proxmox.com Git - grub2.git/commit
video/readers: Add artificial limit to image dimensions
author Alec Brown <alec.r.brown@oracle.com>
Thu, 27 Oct 2022 00:16:44 +0000 (20:16 -0400)
committer Steve McIntyre <93sam@debian.org>
Sat, 12 Nov 2022 22:51:49 +0000 (22:51 +0000)
commit 85856560d5751b7a77529e6fbf9acd2714e31cec
tree d042b03e73b915e8f874d0bf2d97512873454a4f
parent cff73ced22426ef1b481918dfee99a11e8e6653e
video/readers: Add artificial limit to image dimensions

In grub-core/video/readers/jpeg.c, the height and width of a JPEG image don't
have an upper limit for how big the JPEG image can be. In Coverity, this is
getting flagged as an untrusted loop bound. This issue can also be seen in PNG and
TGA format images as well but Coverity isn't flagging it. To prevent this, the
constant IMAGE_HW_MAX_PX is being added to include/grub/bitmap.h, which has
a value of 16384, to act as an artificial limit and restrict the height and
width of images. This value was picked as it is double the current max
resolution size, which is 8K.

Fixes: CID 292450
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
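The check the commit describes, written out as an added example (this is not GRUB's own reader code; the constant value 16384 is taken from the commit message, while the header parsers, function names and sample headers below are hypothetical and constructed for illustration). It shows where the limit sits relative to an untrusted width/height field: the values are validated once, before they drive any loop or buffer-size computation, and the bound also keeps the pixel-buffer product from overflowing.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same value the commit adds to include/grub/bitmap.h: 16384 px per side,
   double the width of an 8K frame. */
#define IMAGE_HW_MAX_PX 16384

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

static uint16_t le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Dimension check applied before either value drives a loop or an
   allocation. Zero is rejected too: a zero-sized bitmap is never useful. */
int image_dims_ok(uint32_t width, uint32_t height)
{
    if (width == 0 || height == 0)
        return 0;
    if (width > IMAGE_HW_MAX_PX || height > IMAGE_HW_MAX_PX)
        return 0;
    return 1;
}

/* Hypothetical PNG IHDR reader (not GRUB's png.c). Layout: 8-byte
   signature, 4-byte big-endian chunk length (13), "IHDR", then 4-byte
   big-endian width and height. Returns 1 only if the dimensions pass. */
int png_header_dims(const uint8_t *buf, size_t len, uint32_t *w, uint32_t *h)
{
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    if (len < 24)
        return 0;
    if (memcmp(buf, sig, 8) != 0 || be32(buf + 8) != 13 ||
        memcmp(buf + 12, "IHDR", 4) != 0)
        return 0;
    *w = be32(buf + 16);
    *h = be32(buf + 20);
    return image_dims_ok(*w, *h);
}

/* Hypothetical TGA header reader: 18-byte header, little-endian 16-bit
   width at offset 12 and height at offset 14. A 16-bit field still allows
   up to 65535, so the limit is not redundant for this format either. */
int tga_header_dims(const uint8_t *buf, size_t len, uint32_t *w, uint32_t *h)
{
    if (len < 18)
        return 0;
    *w = le16(buf + 12);
    *h = le16(buf + 14);
    return image_dims_ok(*w, *h);
}

/* Bytes the reader would allocate for the pixel buffer, or 0 if the
   dimensions fail the check. With both sides <= 16384 and bpp <= 4 the
   product is at most 2^30, so it fits even a 32-bit size_t. */
size_t pixel_buffer_size(uint32_t width, uint32_t height, size_t bpp)
{
    if (!image_dims_ok(width, height))
        return 0;
    return (size_t)width * height * bpp;
}

/* Constructed sample headers (not real files): a 16x16 PNG, a PNG that
   claims 1048576x1 pixels, and a TGA with width 16384 (allowed) but
   height 16385 (one past the limit). */
static const uint8_t png_small[24] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R',
    0, 0, 0, 16, 0, 0, 0, 16};
static const uint8_t png_huge[24] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R',
    0, 0x10, 0, 0, 0, 0, 0, 1};
static const uint8_t tga_edge[18] = {
    0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x00, 0x40, 0x01, 0x40, 24, 0};

int png_small_accepted(void)
{
    uint32_t w, h;
    return png_header_dims(png_small, sizeof png_small, &w, &h);
}

int png_huge_accepted(void)
{
    uint32_t w, h;
    return png_header_dims(png_huge, sizeof png_huge, &w, &h);
}

int tga_edge_accepted(void)
{
    uint32_t w, h;
    return tga_header_dims(tga_edge, sizeof tga_edge, &w, &h);
}
```

The point of putting the check in one function and calling it from every reader is the one the commit makes for JPEG, PNG and TGA together: Coverity only flagged jpeg.c, but any reader that loops over header-supplied dimensions has the same untrusted bound, and a single shared limit is easier to audit than three ad hoc ones.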
debian/patches/cve_2022_2601/0001-video-readers-Add-artificial-limit-to-image-dimensio.patch [new file with mode: 0644]
docs/grub.texi
grub-core/video/readers/jpeg.c
grub-core/video/readers/png.c
grub-core/video/readers/tga.c
include/grub/bitmap.h