boot: avoid 32-bit calculation for a 64-bit lvalue

Coverity CID#1399116: > Potentially overflowing expression > gpt_header_buffer.gpt_header.SizeOfPartitionEntry * gpt_header_buffer.gpt_header.NumberOfPartitionEntries > with type unsigned int (32 bits, unsigned) is evaluated using 32-bit > arithmetic, and then used in a context that expects an expression of type > UINTN (64 bits, unsigned). Let's import the ALIGN_TO macro to sd-boot and use it to avoid the issue.
2019-03-08 14:16:40 +01:00 · 2019-03-08 14:16:40 +01:00 · 7a2cb0228c
parent ff19ad888d
commit 7a2cb0228c
2 changed files with 8 additions and 1 deletions
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@ -2080,8 +2080,11 @@ static VOID config_load_xbootldr(
                            h->NumberOfPartitionEntries > 1024)
                                continue;

+                        if (h->SizeOfPartitionEntry > UINTN_MAX / h->NumberOfPartitionEntries) /* overflow check */
+                                continue;
+
                        /* Now load the GPT entry table */
-                        sz = ((h->SizeOfPartitionEntry * h->NumberOfPartitionEntries + 511) / 512) * 512;
+                        sz = ALIGN_TO((UINTN) h->SizeOfPartitionEntry * (UINTN) h->NumberOfPartitionEntries, 512);
                        entries = AllocatePool(sz);

                        r = uefi_call_wrapper(block_io->ReadBlocks, 5,
--- a/src/boot/efi/util.h
+++ b/src/boot/efi/util.h
@ -7,6 +7,10 @@
 #define ELEMENTSOF(x) (sizeof(x)/sizeof((x)[0]))
 #define OFFSETOF(x,y) __builtin_offsetof(x,y)

+static inline UINTN ALIGN_TO(UINTN l, UINTN ali) {
+        return ((l + ali - 1) & ~(ali - 1));
+}
+
 static inline const CHAR16 *yes_no(BOOLEAN b) {
        return b ? L"yes" : L"no";
 }