From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1q6yo8-0007Kb-2l for mharc-grub-devel@gnu.org; Wed, 07 Jun 2023 15:27:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q6yo6-0007KO-2O for grub-devel@gnu.org; Wed, 07 Jun 2023 15:26:58 -0400 Received: from mx0a-00069f02.pphosted.com ([205.220.165.32]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q6yo3-0000Xb-SW for grub-devel@gnu.org; Wed, 07 Jun 2023 15:26:57 -0400 Received: from pps.filterd (m0246617.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357EhYku005551 for ; Wed, 7 Jun 2023 19:26:52 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : in-reply-to : references : date : message-id : content-type : mime-version; s=corp-2023-03-30; bh=yOmd1EIOIiwBa8gpy7vo8HaoteZyPLD2Dj/6LbEVO9I=; b=WEcZgVpPNzBYMg0mm5khlNs4t4RmfqH9kDf3PCfmHDCt87tQY9TerMX/vXpGEjhFHUGW wRgs8o80M/KmN4d1L1LboAWgs3cAGiLocZqgGbv+lYyAvQq97MJHVon/596SFxCu0Y4o Q8HXNv7JqaAX92GpxKH7WHyZcvcLpmJXb5aaCy8suLDishOUg3tWLxxxfO0MZ7PgJM2+ WnnkysOEFs5kOzeMB97kGxUJwvJE9P1nPceE3Y6TKfSIRTr0RkB0KSukuhY8HA/5nXkF eMVZvoW896KVepPBnghDMOUaE7yxUTEiSfnVLp+p+RFmdRxzRH/0OoUuH5bVPpcZW51X BQ== Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.appoci.oracle.com [147.154.18.20]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3r2a6sjmhk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 07 Jun 2023 19:26:51 +0000 Received: from pps.filterd (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 357Icbds011199 for ; Wed, 7 Jun 2023 19:26:50 GMT Received: from nam12-bn8-obe.outbound.protection.outlook.com (mail-bn8nam12lp2175.outbound.protection.outlook.com [104.47.55.175]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3r2a6qy4ua-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 07 Jun 2023 19:26:50 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XAFgyS+eLDXdysLNxO+VQ7Vp/SECAFk+ganEvvwp/dSIIOw6xHq3vMvOyomNVEhzlOFm6xkLfCqFa0mj0TZbquYPG2ztDXqRsOcCTFVaxTri3wjE60GRckVRH8gjvsaMb5eZ8RARwgKR/DzvRIuY7ifyes185cvudcd4V/aWkYC//5sOGOSFH9MxrpcUD9JTz5ZlOIYITEa0me/ovn41XgINK5haBVQkaCsErGpQVuhXhKqtQz3lShx+aEdBUv2dseW3N//W+728hEoh/4DSk/FwQhTaEp+qcoyuUAexPZL0qUgJVMqdzx2QFuRVNjAnkF9uYCuKSrRku2fnSr/Uaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yOmd1EIOIiwBa8gpy7vo8HaoteZyPLD2Dj/6LbEVO9I=; b=OXI36j/wgP97/t3ZwU430c0miKnqXN48Amcq0vfEbIp/VpcNlVnrjJOaaQtlp7DEwYGFPiLLLoB2lCiZJzhBUshoQSifrYz3IabfvmW9N637sP7rgYQ7IqTc4Kqp+tZjQSgMDhU4gnq0hfOPN06XSlgdh0jZjkbAxFJpbl500Rf3yT8Qz0s4zHVKBzZ3gMkyplqpGcb/WaaTHG1K58Y4ynh6AADuM/cilNr2NvksuWnpja1Lre1HdAp9gdWoM2v+8w2oik5di69qcap50bGBcnNZ57r0dQD6cksMCYfqvpN+jjFxM6CzCR7MabwQO6y3JWcEpsZ6KV2W3zbg3ewd4w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yOmd1EIOIiwBa8gpy7vo8HaoteZyPLD2Dj/6LbEVO9I=; b=qwr8Znmuxt6SKzucbr7LYtNNbbrrOEDw1V8LxkFFv4ncJXSNtkB/wBCbG3N8YMyukJEQZp6gQymM3gmemLGHv3xkXV7VH8N4/a5C7uNcIfBTW70cOTFTJnRu+IB4ABCGe0ZuE4bLccWAqSEABkKLEPRechNflYW1D/qOPBlAS2k= Received: from BLAPR10MB5138.namprd10.prod.outlook.com (2603:10b6:208:322::8) by CO1PR10MB4452.namprd10.prod.outlook.com (2603:10b6:303:6e::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.38; Wed, 7 Jun 2023 19:26:48 +0000 Received: from BLAPR10MB5138.namprd10.prod.outlook.com ([fe80::9704:b96b:e334:4972]) by BLAPR10MB5138.namprd10.prod.outlook.com ([fe80::9704:b96b:e334:4972%3]) with mapi id 15.20.6455.034; Wed, 7 Jun 2023 19:26:48 +0000 From: Darren Kenny To: Lidong Chen , grub-devel@gnu.org Cc: daniel.kiper@oracle.com, lidong.chen@oracle.com Subject: Re: [PATCH v2 1/1] fs/udf: Fix out of bounds access In-Reply-To: <6aa3a86b3dc6699ac2f84626d4d83643fc6bc20a.1686100317.git.lidong.chen@oracle.com> References: <6aa3a86b3dc6699ac2f84626d4d83643fc6bc20a.1686100317.git.lidong.chen@oracle.com> Date: Wed, 07 Jun 2023 20:26:44 +0100 Message-ID: Content-Type: text/plain X-ClientProxiedBy: DB6PR0402CA0015.eurprd04.prod.outlook.com (2603:10a6:4:91::25) To BLAPR10MB5138.namprd10.prod.outlook.com (2603:10b6:208:322::8) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BLAPR10MB5138:EE_|CO1PR10MB4452:EE_ X-MS-Office365-Filtering-Correlation-Id: 2ae178dc-38de-4bde-6a42-08db678d2348 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: EAH6NnsTNgLRaWio7CEpSqzhdKxTrYvHQzHXfRXwybRg4n3HUeV82KExhIIGZkjBG43VL8dl6Uh280pNLjeImUzg6UdS6zeJqi2sAgcLDjLs0+bv3R1hV95Js6cvumZK/MhzNpHQVd6PysjoJenWVvet6y3sq3RAlyIoPoTQ5rpiabZCWVSzCRp9cIfdCiP1QtapvYxdD3Zt446MphWg71ofmpRm1XKCUZFXD2ODV5xYF7TALFu/VVWWiI9Hi4GTcW+vz29tiVT7LdoyB0w4rq1X6rLpg01x7LICJpf4qM0M4EnC6+b9ISbEZBonqIsbhzx88ZaYrXEYYYKRYl9Kbzs7LFU6hUjirivDMK8yzeyoc1EPXyfSQZUsfcB8VNT/KK2a8NUmHeE+OzBuFemByD7q9c5f3PDOKwq+3H403EyG/x9V0oFBNljKPnHn+6ud7zIkachbB/65cpzQdk2g67slfartFZvWBMYBXuekWEdS1vkPAGgsEjNDBpjMtt35iXPV7bgnJXyiQ7n+dFpIJo9v3R/B4/kNEHcjI+CRUlhZOvo0D5Hjdy/bpy+ko9Gc X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BLAPR10MB5138.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(366004)(39860400002)(136003)(346002)(396003)(376002)(451199021)(107886003)(8676002)(8936002)(5660300002)(86362001)(6506007)(36756003)(6512007)(26005)(2906002)(44832011)(186003)(41300700001)(316002)(4326008)(38100700002)(66476007)(66556008)(66946007)(2616005)(6486002)(6666004)(83380400001)(478600001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?naUuKAkkk9EAu57zBcwo+mCXRhDsehTBU68IU1UQy5l7z5fylvibO7/Rm9r1?= =?us-ascii?Q?pHWr5Uc99yrrM7MHDWXckcfvum1wTBjBZHkZJxVa0Vy0CgvMtA02fEqYid4b?= =?us-ascii?Q?FeC8ZsNAPgtzODqGbsuohuqNYel0vBuImeK/ThYugtWKsL+mdhahlGFXXaQJ?= =?us-ascii?Q?kBL7hMusT51+Qc4fhfm/OWcZ6P+7xW8wlHtEYmGF9Wi/WAvYkqMgn6TwQKF6?= =?us-ascii?Q?jAjw+Y6ea7AZPX+Ss+HCjVpP4rOY8Pvqbq1G0HqM4vap7dcXXD6SuPHmxrPH?= =?us-ascii?Q?CRi7450nvJDST7SovSP2XhBTcLFrNCob75P91V5wKjyoNSKiMF9L8LF//4oH?= =?us-ascii?Q?a3ys12rpU3Tq3qXN8s6m5iXj1YiXWDgvdv6ZU6wb0VfZk/LNTx5EP6G2L/vP?= =?us-ascii?Q?dy7xf0EhVddkpWNqAHLT4vr5M9y0jv27GrZuNsGpApjCuBxsEiEoNhlfWZnX?= =?us-ascii?Q?H9MAIxw34Mt07VPXtQukb0B7hndfwDeobSHmpZIyVXARHX6mzdMQu/3hPNoI?= =?us-ascii?Q?nC8QAfFEisetXDTrP5LekYNOVehOUXwn4/+lEPEsqUgTebEFmee89B906vSO?= =?us-ascii?Q?qkBmuyneXvQfxYk/Aibqk9LzFL/sCMOdEOoNtuK7kuyG5rvGCPqXIMr3Z+eu?= =?us-ascii?Q?3OxU4H9GWdTrs/BRN9BwpRT3FMrxpgoVPqd0uMuiAfYUcqioEfwtq+ya3Wid?= =?us-ascii?Q?66jfaN64A0Rp+r3NzGMEG17hWJ4xLnmtY7QkpE30bJGKCHnWocNRBMoBH5yz?= =?us-ascii?Q?Bo8U2n9wT9NiAtghGEvL2GMrtWMQd8To3jHohxe7vDZFM1B5qt+oWPiCf6KD?= =?us-ascii?Q?2N8t08hAGJEoIKW474IiPgYg83VC/dUWvbmz2FGGMfbR4EvYac1f/Eb0Apf1?= =?us-ascii?Q?a9sy2bGt4LMo+qj9mpb5NcfkKNKgX1aTNSu/MpmlgpW0heZw4LOfxBsiRqTl?= =?us-ascii?Q?u5Lbgt1ffVtX5U8RqF0ipCfNfhUHrm/4lXXBTS5wMPrXkx7qWlpoAKlT4BC8?= =?us-ascii?Q?eluDa+VQq+roTJ5wilGSd2sYfwTgDQd6ipl7Weu93Gfq9oCwgZBx/CojDFUE?= =?us-ascii?Q?XD8myGuc8l++FrUP2p65fVIbLS7pIf+tBRsA+JMinvlO4AYHIxei79X+8+XF?= =?us-ascii?Q?4uFm8NuE0UmDcoDB/IySIOmFi7cw9h1OOxP187dOY7eIVR4GAuZI0e6IR8ew?= =?us-ascii?Q?KjfjiCQGPuckmMHnX7n6zgqwwsnjJ0+7nT5ZUZ3HOKWRyJUgKhg4DOaLRi9H?= =?us-ascii?Q?5Y16CuFm+k8VpT7G5YRhn9vUeEWPT1tFIwuOeAwaULQAmhIdQZQoQ9+jMFI2?= =?us-ascii?Q?CKVo1j+rkk/yr8YLf5cNjWpDEmWwOvRrOEZnF+s4yMijt0gijbs22bMoQiCW?= =?us-ascii?Q?fpcSFAwK1MtqvghlhVwltrAu0QMRH+W6VAOZslj0BknBefNXlJ3NvtJXxirw?= =?us-ascii?Q?3WCAKbl9Z9DwgROycwlKf4roOWP1MRQMQvjCFO7Zyj//WSV9gpHXVrcEiNvX?= =?us-ascii?Q?StmrYRXuL8yjc0SsH3WwpGlJhAEnaPdKrpivZPJYdDW68UmZVMTgP83fkFRc?= =?us-ascii?Q?0PPLs1MioMlUqAC5LPV6uz+k0usl/vvoeS5KMSzwCAC5YwcdouSYFKbM7K3/?= =?us-ascii?Q?HA=3D=3D?= X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: WtEp+2cs2Sp5EyMQxZghDT34EyGY4Qjcw2aHCToLXJdiv5jfzA7/v1uT38X3iuA1XSjNPRPzLElXlhq0GH9EeNqwC+rDmGDlnLm6iJmKEaJq5REOINtoWQp5CSnuTmFlM8c6RUV/EdwI7K536CW/0YUQ1jdS9Eb89TIJpOHR3msRrBU+enbpeivF9AL9W+wGEoDxl/5SEC179HpFyBM29HRJQ7vZJoFdH/6pCkRkrWMMV9te+thFgQqHi/6/Ol9vUYulA6x9RIAOgwQJx4BUSE+ic4Vkz4YWSrJr/8yIKHFuz+rlwWKiqalB1UTDb6X1OfAwnU/FOkkife1WpkC76B8ob+1nEDU8NvumJ0VjViUFsRfqcsOB5pyEgdbLMl3MJKE80M1mDm+hExEl6QwBIjvB4UywG73oAl6obra0PZOu4WInhSJrBD0/Gs5yxioPtNWj8tTVFsRgIPDOao/F8HPMw11KRYz12jMQfAUpzxXIPuQYyHwmlOelHp1M8q3MJ17rpDwiIC8GZMqGZYa88ofztJCNVeDbamYv6WGS4cbCmyee/fV6OMWjasoAcNMdC4vdG2YcShlCfHkDBVizF9GTHiNr7IBshmQfV9En/n57hm3gblRQQU75afPTdem2qjX3Tc783N6ty2etCWmkVB+EJ4ExuTsZVn9AiFmVXNPOUjTj29GYa4X7fjfreajpBVKeXGQiq5w7PvBvIjbRdJOp03fFVbXW4uGsvVM9o1E= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2ae178dc-38de-4bde-6a42-08db678d2348 X-MS-Exchange-CrossTenant-AuthSource: BLAPR10MB5138.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jun 2023 19:26:48.5188 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: CeIyJlc4g+8jicHflTxphKYmUdUrnb8l29ZSyOBx2PuoKPaAlAXVwssWIweEuF7hHPUY2l1vtW57MfYuPXMnvw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR10MB4452 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_10,2023-06-07_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 mlxscore=0 bulkscore=0 phishscore=0 mlxlogscore=999 spamscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2305260000 definitions=main-2306070167 X-Proofpoint-GUID: Bj5dxD4zPQqyww4v3zVVdQLRiXRd3jjf X-Proofpoint-ORIG-GUID: Bj5dxD4zPQqyww4v3zVVdQLRiXRd3jjf Received-SPF: pass client-ip=205.220.165.32; envelope-from=darren.kenny@oracle.com; helo=mx0a-00069f02.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Jun 2023 19:26:58 -0000 Hi Li,, LGTM! Reviewed-by: Darren Kenny Thanks, Darren. On Wednesday, 2023-06-07 at 01:31:06 UTC, Lidong Chen wrote: > Implemented a boundary check before advancing the allocation > descriptors pointer. > > Signed-off-by: Lidong Chen > Reviewed-by: Darren Kenny > Reviewed-by: Daniel Kiper > --- > grub-core/fs/udf.c | 38 ++++++++++++++++++++++++++++++++++++++ > 1 file changed, 38 insertions(+) > > diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c > index 7679ea309..58884d2ba 100644 > --- a/grub-core/fs/udf.c > +++ b/grub-core/fs/udf.c > @@ -114,6 +114,10 @@ GRUB_MOD_LICENSE ("GPLv3+"); > #define GRUB_UDF_PARTMAP_TYPE_1 1 > #define GRUB_UDF_PARTMAP_TYPE_2 2 > > +#define GRUB_UDF_INVALID_STRUCT_PTR(_ptr, _struct) \ > + ((char *) (_ptr) >= end_ptr || \ > + ((grub_ssize_t)(end_ptr - (char*)(_ptr)) < (grub_ssize_t)sizeof(_struct))) > + > struct grub_udf_lb_addr > { > grub_uint32_t block_num; > @@ -458,6 +462,7 @@ grub_udf_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) > char *ptr; > grub_ssize_t len; > grub_disk_addr_t filebytes; > + char *end_ptr; > > switch (U16 (node->block.fe.tag.tag_ident)) > { > @@ -476,9 +481,17 @@ grub_udf_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) > return 0; > } > > + end_ptr = (char *) node + get_fshelp_size (node->data); > + > if ((U16 (node->block.fe.icbtag.flags) & GRUB_UDF_ICBTAG_FLAG_AD_MASK) > == GRUB_UDF_ICBTAG_FLAG_AD_SHORT) > { > + if (GRUB_UDF_INVALID_STRUCT_PTR(ptr, struct grub_udf_short_ad)) > + { > + grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system"); > + return 0; > + } > + > struct grub_udf_short_ad *ad = (struct grub_udf_short_ad *) ptr; > > filebytes = fileblock * U32 (node->data->lvd.bsize); > @@ -542,10 +555,22 @@ grub_udf_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) > filebytes -= adlen; > ad++; > len -= sizeof (struct grub_udf_short_ad); > + > + if (GRUB_UDF_INVALID_STRUCT_PTR(ad, struct grub_udf_short_ad)) > + { > + grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system"); > + return 0; > + } > } > } > else > { > + if (GRUB_UDF_INVALID_STRUCT_PTR(ptr, struct grub_udf_long_ad)) > + { > + grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system"); > + return 0; > + } > + > struct grub_udf_long_ad *ad = (struct grub_udf_long_ad *) ptr; > > filebytes = fileblock * U32 (node->data->lvd.bsize); > @@ -611,6 +636,12 @@ grub_udf_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) > filebytes -= adlen; > ad++; > len -= sizeof (struct grub_udf_long_ad); > + > + if (GRUB_UDF_INVALID_STRUCT_PTR(ad, struct grub_udf_long_ad)) > + { > + grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system"); > + return 0; > + } > } > } > > @@ -630,6 +661,7 @@ grub_udf_read_file (grub_fshelp_node_t node, > case GRUB_UDF_ICBTAG_FLAG_AD_IN_ICB: > { > char *ptr; > + char *end_ptr = (char *) node + get_fshelp_size (node->data); > > ptr = ((U16 (node->block.fe.tag.tag_ident) == GRUB_UDF_TAG_IDENT_FE) ? > ((char *) &node->block.fe.ext_attr[0] > @@ -637,6 +669,12 @@ grub_udf_read_file (grub_fshelp_node_t node, > ((char *) &node->block.efe.ext_attr[0] > + U32 (node->block.efe.ext_attr_length))); > > + if ((ptr + pos + len) > end_ptr) > + { > + grub_error (GRUB_ERR_BAD_FS, "corrupted UDF file system"); > + return 0; > + } > + > grub_memcpy (buf, ptr + pos, len); > > return len; > -- > 2.39.1