1From 5dc41edc4eba259c6043ae7698c245ec1baaacc6 Mon Sep 17 00:00:00 2001 2From: Darren Kenny <darren.kenny@oracle.com> 3Date: Thu, 5 Nov 2020 14:33:50 +0000 4Subject: [PATCH] util/grub-editenv: Fix incorrect casting of a signed value 5 6The return value of ftell() may be negative (-1) on error. While it is 7probably unlikely to occur, we should not blindly cast to an unsigned 8value without first testing that it is not negative. 9 10Fixes: CID 73856 11 12Signed-off-by: Darren Kenny <darren.kenny@oracle.com> 13Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 14Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> 15--- 16 util/grub-editenv.c | 8 +++++++- 17 1 file changed, 7 insertions(+), 1 deletion(-) 18 19diff --git a/util/grub-editenv.c b/util/grub-editenv.c 20index f3662c9..db6f187 100644 21--- a/util/grub-editenv.c 22+++ b/util/grub-editenv.c 23@@ -125,6 +125,7 @@ open_envblk_file (const char *name) 24 { 25 FILE *fp; 26 char *buf; 27+ long loc; 28 size_t size; 29 grub_envblk_t envblk; 30 31@@ -143,7 +144,12 @@ open_envblk_file (const char *name) 32 grub_util_error (_("cannot seek `%s': %s"), name, 33 strerror (errno)); 34 35- size = (size_t) ftell (fp); 36+ loc = ftell (fp); 37+ if (loc < 0) 38+ grub_util_error (_("cannot get file location `%s': %s"), name, 39+ strerror (errno)); 40+ 41+ size = (size_t) loc; 42 43 if (fseek (fp, 0, SEEK_SET) < 0) 44 grub_util_error (_("cannot seek `%s': %s"), name, 45-- 462.14.2 47 48