[PATCH 1/2] vga_text: Prevent out-of-bounds writes to VGA text buffer

Ryan Cohen Sat, 26 Nov 2022 14:30:02 -0800

Coordinates passed to screen_write_char() did not have any checks to
ensure they are not out-of-bounds. This adds an if statement to prevent
out-of-bounds writes to the VGA text buffer.


Signed-off-by: Ryan Cohen <rcohenprogramm...@gmail.com>
---
 grub-core/term/i386/pc/vga_text.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/grub-core/term/i386/pc/vga_text.c 
b/grub-core/term/i386/pc/vga_text.c
index 669d06fad..b88fa9d2e 100644
--- a/grub-core/term/i386/pc/vga_text.c
+++ b/grub-core/term/i386/pc/vga_text.c
@@ -63,7 +63,8 @@ static grub_uint8_t cur_color = 0x7;
 static void
 screen_write_char (int x, int y, short c)
 {
-  VGA_TEXT_SCREEN[y * COLS + x] = grub_cpu_to_le16 (c);
+  if (x < COLS && y < ROWS && x >= 0 && y >= 0)
+    VGA_TEXT_SCREEN[y * COLS + x] = grub_cpu_to_le16 (c);
 }
 
 static short
-- 
2.38.1


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[PATCH 1/2] vga_text: Prevent out-of-bounds writes to VGA text buffer

Reply via email to