bc092b9
From 79688d11f84464be361d3621de2af0ffd243f155 Mon Sep 17 00:00:00 2001
475000b
From: Laszlo Ersek <lersek@redhat.com>
475000b
Date: Mon, 21 Nov 2016 15:34:00 +0100
bc092b9
Subject: [PATCH 149/176] efi/chainloader: fix wrong sanity check in
475000b
 relocate_coff()
475000b
475000b
In relocate_coff(), the relocation entries are parsed from the original
475000b
image (not the section-wise copied image). The original image is
475000b
pointed-to by the "orig" pointer. The current check
475000b
475000b
  (void *)reloc_end < data
475000b
475000b
compares the addresses of independent memory allocations. "data" is a typo
475000b
here, it should be "orig".
475000b
475000b
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291
475000b
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
475000b
Tested-by: Bogdan Costescu <bcostescu@gmail.com>
475000b
Tested-by: Juan Orti <j.orti.alcaine@gmail.com>
475000b
---
475000b
 grub-core/loader/efi/chainloader.c | 2 +-
475000b
 1 file changed, 1 insertion(+), 1 deletion(-)
475000b
475000b
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
bc092b9
index b977c7b55..d5ab21d09 100644
475000b
--- a/grub-core/loader/efi/chainloader.c
475000b
+++ b/grub-core/loader/efi/chainloader.c
bc092b9
@@ -401,7 +401,7 @@ relocate_coff (pe_coff_loader_image_context_t *context,
475000b
       reloc_end = (struct grub_pe32_fixup_block *)
475000b
 	((char *)reloc_base + reloc_base->size);
475000b
 
475000b
-      if ((void *)reloc_end < data || (void *)reloc_end > image_end)
475000b
+      if ((void *)reloc_end < orig || (void *)reloc_end > image_end)
475000b
         {
475000b
           grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary",
475000b
 		      n);
475000b
-- 
bc092b9
2.13.0
475000b