1*4882a593SmuzhiyunFrom 3334a5e6c86f10e715cca3bf66ce0fc2f164b61b Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: Daniel Axtens <dja@axtens.net>
3*4882a593SmuzhiyunDate: Wed, 13 Jan 2021 20:59:09 +1100
4*4882a593SmuzhiyunSubject: [PATCH] io/gzio: Bail if gzio->tl/td is NULL
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunThis is an ugly fix that doesn't address why gzio->tl comes to be NULL.
7*4882a593SmuzhiyunHowever, it seems to be sufficient to patch up a bunch of NULL derefs.
8*4882a593Smuzhiyun
9*4882a593SmuzhiyunIt would be good to revisit this in future and see if we can have
10*4882a593Smuzhiyuna cleaner solution that addresses some of the causes of the unexpected
11*4882a593SmuzhiyunNULL pointers.
12*4882a593Smuzhiyun
13*4882a593SmuzhiyunSigned-off-by: Daniel Axtens <dja@axtens.net>
14*4882a593SmuzhiyunReviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
15*4882a593SmuzhiyunSigned-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
16*4882a593Smuzhiyun---
17*4882a593Smuzhiyun grub-core/io/gzio.c | 20 ++++++++++++++++++++
18*4882a593Smuzhiyun 1 file changed, 20 insertions(+)
19*4882a593Smuzhiyun
20*4882a593Smuzhiyundiff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
21*4882a593Smuzhiyunindex 43d98a7..4a8eaea 100644
22*4882a593Smuzhiyun--- a/grub-core/io/gzio.c
23*4882a593Smuzhiyun+++ b/grub-core/io/gzio.c
24*4882a593Smuzhiyun@@ -669,6 +669,13 @@ inflate_codes_in_window (grub_gzio_t gzio)
25*4882a593Smuzhiyun {
26*4882a593Smuzhiyun if (! 
gzio->code_state)
27*4882a593Smuzhiyun {
28*4882a593Smuzhiyun+
29*4882a593Smuzhiyun+ if (gzio->tl == NULL)
30*4882a593Smuzhiyun+ {
31*4882a593Smuzhiyun+ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
32*4882a593Smuzhiyun+ return 1;
33*4882a593Smuzhiyun+ }
34*4882a593Smuzhiyun+
35*4882a593Smuzhiyun NEEDBITS ((unsigned) gzio->bl);
36*4882a593Smuzhiyun if ((e = (t = gzio->tl + ((unsigned) b & ml))->e) > 16)
37*4882a593Smuzhiyun do
38*4882a593Smuzhiyun@@ -707,6 +714,12 @@ inflate_codes_in_window (grub_gzio_t gzio)
39*4882a593Smuzhiyun n = t->v.n + ((unsigned) b & mask_bits[e]);
40*4882a593Smuzhiyun DUMPBITS (e);
41*4882a593Smuzhiyun
42*4882a593Smuzhiyun+ if (gzio->td == NULL)
43*4882a593Smuzhiyun+ {
44*4882a593Smuzhiyun+ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->td");
45*4882a593Smuzhiyun+ return 1;
46*4882a593Smuzhiyun+ }
47*4882a593Smuzhiyun+
48*4882a593Smuzhiyun /* decode distance of block to copy */
49*4882a593Smuzhiyun NEEDBITS ((unsigned) gzio->bd);
50*4882a593Smuzhiyun if ((e = (t = gzio->td + ((unsigned) b & md))->e) > 16)
51*4882a593Smuzhiyun@@ -917,6 +930,13 @@ init_dynamic_block (grub_gzio_t gzio)
52*4882a593Smuzhiyun n = nl + nd;
53*4882a593Smuzhiyun m = mask_bits[gzio->bl];
54*4882a593Smuzhiyun i = l = 0;
55*4882a593Smuzhiyun+
56*4882a593Smuzhiyun+ if (gzio->tl == NULL)
57*4882a593Smuzhiyun+ {
58*4882a593Smuzhiyun+ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
59*4882a593Smuzhiyun+ return;
60*4882a593Smuzhiyun+ }
61*4882a593Smuzhiyun+
62*4882a593Smuzhiyun while ((unsigned) i < n)
63*4882a593Smuzhiyun {
64*4882a593Smuzhiyun NEEDBITS ((unsigned) gzio->bl);
65*4882a593Smuzhiyun--
66*4882a593Smuzhiyun2.14.2
67*4882a593Smuzhiyun 68
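Review bot: The new guard at the top of the `! gzio->code_state` branch rejects only a NULL `gzio->tl`; the lookup that follows, `gzio->tl + ((unsigned) b & ml)`, still assumes the table holds at least `ml + 1` entries, and nothing visible in the hunk ties `ml` to the table that was actually built. Since the commit message says the cause of the NULL is not addressed, I would record that at the check, e.g. `/* Defensive: tl has been seen NULL here; the root cause is not fixed yet. */`, and confirm separately that a non-NULL but undersized table cannot reach this lookup. The same concern applies to the `gzio->td` guard in the second hunk and to the `gzio->tl` guard in init_dynamic_block. The function body starts and ends outside the hunk.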
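Review bot: The `gzio->td` check sits after the length has been decoded and `DUMPBITS (e)` has consumed its bits, whereas the `gzio->tl` check in the first hunk runs before any bits are read, and the hunk does not explain why the two differ. If `td` may legitimately be NULL for a block that never uses a distance code (presumably so, to be confirmed against the table builder), a short comment such as `/* td is checked lazily: it is only needed once a distance code is decoded. */` would keep a later cleanup from hoisting the check and rejecting valid streams. The enclosing function starts and ends outside the hunk.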
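Review bot: Both `gzio->tl` guards raise the identical message `"NULL gzio->tl"`, so a report of this error cannot be attributed to init_dynamic_block or to inflate_codes_in_window; I would make them distinct, e.g. `grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl in dynamic block header");`. This path also exits with a bare `return;`, so the failure is reported only through grub_error and the caller has to test the error state before decoding further. That caller is not visible in the hunk and is worth checking. The function body starts and ends outside the hunk.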