From: Darren Kenny
To: Alec Brown, "grub-devel@gnu.org"
Cc: Daniel Kiper, Alec Brown
Subject: Re: [PATCH v2] video/readers: Add artificial limit to image dimensions
In-Reply-To: <1666829804-25372-1-git-send-email-alec.r.brown@oracle.com>
Date: Thu, 27 Oct 2022 10:21:42 +0100

Hi Alec,

On Thursday, 2022-10-27 at 01:16:44 +01, Alec Brown wrote:
> In grub-core/video/readers/jpeg.c, the height and width of a JPEG image don't
> have an upper limit for how big the JPEG image can be. In coverity, this is
> getting flagged as an untrusted loop bound. This issue can also be seen in PNG and
> TGA format images as well but coverity isn't flagging it. To prevent this, the
> constant IMAGE_HW_MAX_PX is being added to bitmap.h, which has a value of 16384,
> to act as an artificial limit and restrict the height and width of images. This
> value was picked as it is double the current max resolution size, which is 8K.
>
> Fixes: CID 292450
>
> Signed-off-by: Alec Brown
>

Looks good to me, so:

Reviewed-by: Darren Kenny

Thanks,

Darren.

> ---
>
> In v1, the patch set was developed on outdated code and there was
> already a fix for the second patch. So in this version, the second patch
> has been dropped. The only thing that has changed in this patch is line
> numbers.
>
>  docs/grub.texi                 | 3 ++-
>  grub-core/video/readers/jpeg.c | 6 +++++-
>  grub-core/video/readers/png.c  | 6 +++++-
>  grub-core/video/readers/tga.c  | 7 +++++++
>  include/grub/bitmap.h          | 2 ++
>  5 files changed, 21 insertions(+), 3 deletions(-)
>
> diff --git a/docs/grub.texi b/docs/grub.texi > index 0dbbdc374..2d6cd8358 100644 > --- a/docs/grub.texi > +++ b/docs/grub.texi > @@ -1515,7 +1515,8 @@ resolution. @xref{gfxmode}. > Set a background image for use with the @samp{gfxterm} graphical terminal. > The value of this option must be a file readable by GRUB at boot time, and > it must end with @file{.png}, @file{.tga}, @file{.jpg}, or @file{.jpeg}. > -The image will be scaled if necessary to fit the screen. > +The image will be scaled if necessary to fit the screen. Image height and > +width will be restricted by an artificial limit of 16384. > > @item GRUB_THEME > Set a theme for use with the @samp{gfxterm} graphical terminal. > diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c > index 09596fbf5..ae634fd41 100644 > --- a/grub-core/video/readers/jpeg.c > +++ b/grub-core/video/readers/jpeg.c 
> @@ -346,7 +346,11 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) > data->image_height = grub_jpeg_get_word (data); > data->image_width = grub_jpeg_get_word (data); > > - if ((!data->image_height) || (!data->image_width)) > + grub_dprintf ("jpeg", "image height: %d\n", data->image_height); > + grub_dprintf ("jpeg", "image width: %d\n", data->image_width); > + > + if ((!data->image_height) || (!data->image_width) || > + (data->image_height > IMAGE_HW_MAX_PX) || (data->image_width > IMAGE_HW_MAX_PX)) > return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid image size"); > > cc = grub_jpeg_get_byte (data); > diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c > index 7f2ba7849..3163e97bf 100644 > --- a/grub-core/video/readers/png.c > +++ b/grub-core/video/readers/png.c > @@ -264,7 +264,11 @@ grub_png_decode_image_header (struct grub_png_data *data) > data->image_width = grub_png_get_dword (data); > data->image_height = grub_png_get_dword (data); > > - if ((!data->image_height) || (!data->image_width)) > + grub_dprintf ("png", "image height: %d\n", data->image_height); > + grub_dprintf ("png", "image width: %d\n", data->image_width); > + > + if ((!data->image_height) || (!data->image_width) || > + (data->image_height > IMAGE_HW_MAX_PX) || (data->image_width > IMAGE_HW_MAX_PX)) > return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: invalid image size"); > > color_bits = grub_png_get_byte (data); > diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c > index a9ec3a1b6..f2f563d06 100644 > --- a/grub-core/video/readers/tga.c > +++ b/grub-core/video/readers/tga.c 
> @@ -340,6 +340,13 @@ grub_video_reader_tga (struct grub_video_bitmap **bitmap, > data.image_width = grub_le_to_cpu16 (data.hdr.image_width); > data.image_height = grub_le_to_cpu16 (data.hdr.image_height); > > + grub_dprintf ("tga", "image height: %d\n", data.image_height); > + grub_dprintf ("tga", "image width: %d\n", data.image_width); > + > + /* Check image height and width are within restrictions */ > + if ((data.image_height > IMAGE_HW_MAX_PX) || (data.image_width > IMAGE_HW_MAX_PX)) > + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "tga: invalid image size"); > + > /* Check that bitmap encoding is supported. */ > switch (data.hdr.image_type) > { > diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h > index 5728f8ca3..149d37bfe 100644 > --- a/include/grub/bitmap.h > +++ b/include/grub/bitmap.h > @@ -24,6 +24,8 @@ > #include > #include > > +#define IMAGE_HW_MAX_PX 16384 > + > struct grub_video_bitmap > { > /* Bitmap format description. */ > -- > 2.27.0
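
Review bot: The sentence added to docs/grub.texi gives the limit as a bare 16384 with no unit and says the dimensions "will be restricted", which, coming straight after "The image will be scaled if necessary", reads as if an oversized image is scaled down or clipped. The reader hunks return grub_error (GRUB_ERR_BAD_FILE_TYPE, ...) for such files, so the text should say that an image wider or taller than 16384 pixels is rejected.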
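
Review bot: In grub_jpeg_decode_sof the zero-size and over-limit cases share the single message "jpeg: invalid image size", so a user whose background image is only larger than IMAGE_HW_MAX_PX gets no hint that a size limit exists. Consider a separate test whose message names the limit. The added condition line is also very long and would read better with one sub-expression per line.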
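
Review bot: The upper-bound test in grub_png_decode_image_header only holds if image_width and image_height are unsigned. The values come from grub_png_get_dword and are printed with %d; the field declarations are not part of this hunk, but if they are a signed int, a header value with the top bit set becomes negative, is non-zero and is not greater than IMAGE_HW_MAX_PX, so it passes the check. Either confirm the fields are unsigned (and print them with %u) or reject negative values as well.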
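
Review bot: The new check in grub_video_reader_tga rejects only values above IMAGE_HW_MAX_PX; unlike the jpeg and png hunks it does not reject a zero width or height. If zero is not caught elsewhere in tga.c (not visible in this hunk), add (!data.image_height) || (!data.image_width) to the condition so that all three readers apply the same rule.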
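
Review bot: IMAGE_HW_MAX_PX in include/grub/bitmap.h has no GRUB_ prefix even though it is defined in a shared header next to struct grub_video_bitmap, and it carries no comment; the rationale for 16384 (double 8K) lives only in the commit message. Suggest a prefixed name (for instance GRUB_IMAGE_HW_MAX_PX, a hypothetical name) and a one-line comment saying it is the maximum width and height, in pixels, accepted by the image readers.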