cgptlib: Always zero-initialize GPT entries buffers

ClusterFuzz still managed to find cases where we try to CRC a GPT entries buffer that wasn't initialized. Not that that's really an issue or anything... but this patch should shut it up. BRANCH=none BUG=chromium:1155876 TEST=none Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I3d0b4f34693d87b66513f398dd13441aba543c3a Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2580110 Reviewed-by: Joel Kitching <kitching@chromium.org>
2020-12-08 16:59:27 -08:00 · 2020-12-08 16:59:27 -08:00 · af02768dac
parent fb25edf134
commit af02768dac
1 changed files with 5 additions and 2 deletions
--- a/firmware/lib/gpt_misc.c
+++ b/firmware/lib/gpt_misc.c
@ -35,6 +35,11 @@ int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata)
 	gptdata->primary_entries = (uint8_t *)malloc(GPT_ENTRIES_ALLOC_SIZE);
 	gptdata->secondary_entries = (uint8_t *)malloc(GPT_ENTRIES_ALLOC_SIZE);

+	/* In some cases we try to validate header1 with entries2 or vice versa,
+	   so make sure the entries buffers always got fully initialized. */
+	memset(gptdata->primary_entries, 0, GPT_ENTRIES_ALLOC_SIZE);
+	memset(gptdata->secondary_entries, 0, GPT_ENTRIES_ALLOC_SIZE);
+
 	if (gptdata->primary_header == NULL ||
 	    gptdata->secondary_header == NULL ||
 	    gptdata->primary_entries == NULL ||
@ -66,7 +71,6 @@ int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata)
 				      entries_sectors,
 				      gptdata->primary_entries)) {
 			VB2_DEBUG("Read error in primary GPT entries\n");
-			memset(gptdata->primary_entries, 0, entries_bytes);
 			primary_valid = 0;
 		}
 	} else {
@ -103,7 +107,6 @@ int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata)
 				      entries_sectors,
 				      gptdata->secondary_entries)) {
 			VB2_DEBUG("Read error in secondary GPT entries\n");
-			memset(gptdata->secondary_entries, 0, entries_bytes);
 			secondary_valid = 0;
 		}
 	} else {