From: Heinrich Schuchardt Date: Sun, 30 Jul 2023 09:31:08 +0000 (+0200) Subject: efi_loader: overflow in efi_allocate_pages X-Git-Tag: v2025.01-rc5-pxa1908~902^2~5 X-Git-Url: http://git.dujemihanovic.xyz/html/%7B%7B%20.RelPermalink%20%7D%7D?a=commitdiff_plain;h=48d183f2acb0157856254f52d2d856a07463acd4;p=u-boot.git efi_loader: overflow in efi_allocate_pages On 32bit systems (pages << EFI_PAGE_SHIFT) may lead to an overflow which does not occur in 64bit arithmetics. An overflow of (pages << EFI_PAGE_SHIFT) on 64bit systems should be treated as an error. Signed-off-by: Heinrich Schuchardt --- diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c index 2c5d5221a7..4630387af0 100644 --- a/lib/efi_loader/efi_memory.c +++ b/lib/efi_loader/efi_memory.c @@ -489,7 +489,7 @@ efi_status_t efi_allocate_pages(enum efi_allocate_type type, enum efi_memory_type memory_type, efi_uintn_t pages, uint64_t *memory) { - u64 len = pages << EFI_PAGE_SHIFT; + u64 len; efi_status_t ret; uint64_t addr; @@ -499,6 +499,11 @@ efi_status_t efi_allocate_pages(enum efi_allocate_type type, return EFI_INVALID_PARAMETER; if (!memory) return EFI_INVALID_PARAMETER; + len = (u64)pages << EFI_PAGE_SHIFT; + /* Catch possible overflow on 64bit systems */ + if (sizeof(efi_uintn_t) == sizeof(u64) && + (len >> EFI_PAGE_SHIFT) != (u64)pages) + return EFI_OUT_OF_RESOURCES; switch (type) { case EFI_ALLOCATE_ANY_PAGES: