lib/relocator: Fix OOB write when initializing lo->freebytes[] Fixes: CID 96636 Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>

commit: 9dbfbcd660470c3b951d15af0f6ce5a423185ad2 [log] [tgz]
author: Daniel Kiper <daniel.kiper@oracle.com> Fri Jun 23 00:02:24 2023 +0200
committer: Daniel Kiper <daniel.kiper@oracle.com> Fri Jun 23 00:50:39 2023 +0200
tree: 5dedfffa5b70bad5c546b22c0cb26eafbacda3a9
parent: 5658f35af97d34af5c8013ce3e206c82e422d67f [diff]
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
index 568fc0b..e0478ae 100644
--- a/grub-core/lib/relocator.c
+++ b/grub-core/lib/relocator.c

@@ -881,9 +881,11 @@
 			offend = GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
 		      lo->freebytes[offstart / 8]
 			&= ((1 << (8 - (start % 8))) - 1);
-		      grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
-				   offend / 8 - (offstart + 7) / 8);
-		      lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
+		      if (offend / 8 > (offstart + 7) / 8)
+			grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
+				     offend / 8 - (offstart + 7) / 8);
+		      if (offend < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT)
+			lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
 		    }
 		    break;
 #endif
commit	9dbfbcd660470c3b951d15af0f6ce5a423185ad2	[log] [tgz]
author	Daniel Kiper <daniel.kiper@oracle.com>	Fri Jun 23 00:02:24 2023 +0200
committer	Daniel Kiper <daniel.kiper@oracle.com>	Fri Jun 23 00:50:39 2023 +0200
tree	5dedfffa5b70bad5c546b22c0cb26eafbacda3a9
parent	5658f35af97d34af5c8013ce3e206c82e422d67f [diff]