On 2025-06-19 00:54, Lidong Chen via Grub-devel wrote:
In bidi_line_wrap(), "kk - 1" in the for loop init, "i = kk - 1",
underflows when 'kk' (unsigned int) is 0. Assigning the result of
'kk - 1' to signed int 'i' may cause overflow. To address both
issues, cast 'kk' to a signed type before subtraction to ensure
safe arithmetic and assignment.
Fixed: CID 473874
Signed-off-by: Lidong Chen <lidong.c...@oracle.com>
---
grub-core/normal/charset.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
index 4f6647116..a321c8438 100644
--- a/grub-core/normal/charset.c
+++ b/grub-core/normal/charset.c
@@ -738,7 +738,7 @@ bidi_line_wrap (struct grub_unicode_glyph
*visual_out,
{
int right_join = 0;
signed i;
- for (i = kk - 1; i >= 0 && (unsigned) i + 1 > line_start;
+ for (i = (signed) kk - 1; i >= 0 && (unsigned) i + 1 >
line_start;
i--)
{
enum grub_join_type join_type = get_join_type (visual[i].base);
Reviewed-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com>
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
