diff options
| author | Steve McIntyre <93sam@debian.org> | 2019-05-03 01:41:52 +0100 |
|---|---|---|
| committer | Steve McIntyre <93sam@debian.org> | 2019-05-03 01:24:56 +0000 |
| commit | 878d860c31f2c233aa88e86d2218c45158c07da1 (patch) | |
| tree | c55058d204b1515c99094e65b8f759929c8fa2bd /Cryptlib/OpenSSL/crypto/comp/comp_lib.c | |
| parent | cb7c0af03eb341c578fb8c906861af324584a49d (diff) | |
| download | efi-boot-shim-878d860c31f2c233aa88e86d2218c45158c07da1.tar.gz efi-boot-shim-878d860c31f2c233aa88e86d2218c45158c07da1.zip | |
VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls
Backport of upstream fix:
VLogError() calculates the size of format strings by using calls to
SPrint and VSPrint with a StrSize of 0 and NULL for an output
buffer. Unfortunately, this is an incorrect usage of (V)Sprint. A
StrSize of "0" is special-cased to mean "there is no limit". So, we
end up writing our string to address 0x0. This was discovered because
it causes a crash on ARM where, unlike x86, it does not necessarily
have memory mapped at 0x0.
Avoid the (V)Sprint calls altogether by using (V)PoolPrint, which
handles the size calculation and allocation for us.
Signed-off-by: Peter Jones <pjones@redhat.com>
Fixes: 25f6fd08cd26 ("try to show errors more usefully.")
[dannf: commit message ]
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/comp/comp_lib.c')
0 files changed, 0 insertions, 0 deletions