From af02768dace900e7e62d6788b4ff81b57b3e0a79 Mon Sep 17 00:00:00 2001
From: Julius Werner
Date: Tue, 8 Dec 2020 16:59:27 -0800
Subject: [PATCH] cgptlib: Always zero-initialize GPT entries buffers
ClusterFuzz still managed to find cases where we try to CRC a GPT entries buffer that wasn't initialized. Not that that's really an issue or anything... but this patch should shut it up.
BRANCH=none
BUG=chromium:1155876
TEST=none
Signed-off-by: Julius Werner
Change-Id: I3d0b4f34693d87b66513f398dd13441aba543c3a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2580110
Reviewed-by: Joel Kitching
---
 firmware/lib/gpt_misc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/firmware/lib/gpt_misc.c b/firmware/lib/gpt_misc.c
index a0b0122c..641ef37b 100644
--- a/firmware/lib/gpt_misc.c
+++ b/firmware/lib/gpt_misc.c
@@ -35,6 +35,11 @@ int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata)
 gptdata->primary_entries = (uint8_t *)malloc(GPT_ENTRIES_ALLOC_SIZE);
 gptdata->secondary_entries = (uint8_t *)malloc(GPT_ENTRIES_ALLOC_SIZE);
+ /* In some cases we try to validate header1 with entries2 or vice versa, so make sure the entries buffers always got fully initialized. */
+ memset(gptdata->primary_entries, 0, GPT_ENTRIES_ALLOC_SIZE);
+ memset(gptdata->secondary_entries, 0, GPT_ENTRIES_ALLOC_SIZE);
+
 if (gptdata->primary_header == NULL ||
 gptdata->secondary_header == NULL ||
 gptdata->primary_entries == NULL ||
@@ -66,7 +71,6 @@ int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata)
 entries_sectors, gptdata->primary_entries)) {
 VB2_DEBUG("Read error in primary GPT entries\n");
- memset(gptdata->primary_entries, 0, entries_bytes);
 primary_valid = 0;
 }
 } else {
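Review bot: The two added memset() calls in the first hunk run before the `if (gptdata->primary_header == NULL || ...` check that follows them, so when either GPT_ENTRIES_ALLOC_SIZE allocation fails the code now passes a null pointer to memset() instead of reaching the existing error path; on a firmware target without memory protection that is a silent write of GPT_ENTRIES_ALLOC_SIZE zero bytes at address 0, on others a crash. Move the two `memset(gptdata->..._entries, 0, GPT_ENTRIES_ALLOC_SIZE);` lines below that NULL check, or, if the firmware's libc provides it, replace the two malloc() calls with `calloc(1, GPT_ENTRIES_ALLOC_SIZE)` so allocation and zeroing cannot be separated again. The added comment states what is done but not why it matters for the CRC path; `/* A header may be validated against the other copy's entries (see the later VbExDiskRead error branches), so both buffers must be fully initialized before any CRC is computed. */` would carry that. The body of AllocAndReadGptData, including the end of the NULL-check block, lies outside the hunk, so the exact insertion point is not visible here.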
@@ -103,7 +107,6 @@ int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata)
 entries_sectors, gptdata->secondary_entries)) {
 VB2_DEBUG("Read error in secondary GPT entries\n");
- memset(gptdata->secondary_entries, 0, entries_bytes);
 secondary_valid = 0;
 }
 } else {