47cf63735c
Resolves: CVE-2020-10713 Resolves: CVE-2020-14308 Resolves: CVE-2020-14309 Resolves: CVE-2020-14310 Resolves: CVE-2020-14311 Resolves: CVE-2020-15705 Resolves: CVE-2020-15706 Resolves: CVE-2020-15707 Signed-off-by: Peter Jones <pjones@redhat.com>
34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Alexey Makhalov <amakhalov@vmware.com>
|
|
Date: Wed, 8 Jul 2020 20:41:56 +0000
|
|
Subject: [PATCH] gfxmenu: Fix double free in load_image()
|
|
|
|
self->bitmap should be zeroed after free. Otherwise, there is a chance
|
|
to double free (USE_AFTER_FREE) it later in rescale_image().
|
|
|
|
Fixes: CID 292472
|
|
|
|
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Upstream-commit-id: 5d3e84b15a4
|
|
---
|
|
grub-core/gfxmenu/gui_image.c | 5 ++++-
|
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c
|
|
index 29784ed2d9a..6b2e976f16e 100644
|
|
--- a/grub-core/gfxmenu/gui_image.c
|
|
+++ b/grub-core/gfxmenu/gui_image.c
|
|
@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path)
|
|
return grub_errno;
|
|
|
|
if (self->bitmap && (self->bitmap != self->raw_bitmap))
|
|
- grub_video_bitmap_destroy (self->bitmap);
|
|
+ {
|
|
+ grub_video_bitmap_destroy (self->bitmap);
|
|
+ self->bitmap = 0;
|
|
+ }
|
|
if (self->raw_bitmap)
|
|
grub_video_bitmap_destroy (self->raw_bitmap);
|
|
|