The test corpus for version-1 RAID generated an infinite recursion
in grub_partition_iterate() while attempting to read the superblock.
The reason for the issue was that the data region overlapped with
the superblock.
The infinite call loop looks like this:
grub_partition_iterate() -> partmap->ite
Fix memory leaks in grub_btrfs_extent_read() and
grub_btrfs_dir().
Fixes: CID 473842
Fixes: CID 473871
Signed-off-by: Lidong Chen
---
grub-core/fs/btrfs.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 9c1e925c9..7bf8d9
In grub_xnu_load_kext_from_dir(), when the call to grub_device_open()
failed, it simply cleaned up previously allocated memory and returned
GRUB_ERR_NONE. However, it neglected to free ctx->newdirname which is
allocated before the call to grub_device_open().
Fixes: CID 473859
Signed-off-by: Lidon
Fix memory leaks in grub_relocator_alloc_chunk_align().
Fixes: CID 473844
Signed-off-by: Lidong Chen
---
grub-core/lib/relocator.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
index e0478ae5b..3306a1bb7 100644
---
These patches address memory leaks identified by Coverity.
Lidong Chen (5):
disk/ldm: Fix memory leaks
lib/reloacator: Fix memory leaks
loader/i386/linux: Fix resource leak
fs/btrfs: Fix memory leaks
loader/xnu: Fix memory leak
grub-core/disk/ldm.c | 180 +++---
In grub_cmd_initrd(), initrd_ctx is allocated before calling
grub_relocator_alloc_chunk_align(). When that function fails,
initrd_ctx should be freed before exiting grub_cmd_initrd().
Fixes: CID 473852
Signed-off-by: Lidong Chen
---
grub-core/loader/i386/linux.c | 5 -
1 file changed, 4 ins
Fix memory leaks in make_vg() with new helper functions, free_pv()
and free_lv(). Additionally, correct a check after allocating
comp->segments->nodes that mistakenly checked lv->segments->nodes
instead, likely due to a copy-paste error.
Fixes: CID 473878
Fixes: CID 473884
Fixes: CID 473889
Fixes:
> On Feb 28, 2025, at 7:57 AM, Andrew Hamilton wrote:
>
> Yes that sounds great, I am back from vacation just now so will be generally
> free any time between 0800 and 2100 Central Standard Time.
I’m mostly available from 9am PT onward.
Thanks,
Lidong
>
> Thanks,
> Andrew
> On Fri, Feb 28,
The potential overflow issue arises at "size += ret;" because 'size'
is of type ssize_t (signed) while 'len' is size_t (unsigned). Repeatedly
adding read sizes ('ret') to 'size' can potentially exceed the maximum
value of ssize_t, causing it to overflow into a negative or incorrect value.
The fix i
In bidi_line_wrap(), "kk - 1" in the for loop init, "i = kk - 1",
underflows when 'kk' (unsigned int) is 0. Assigning the result of
'kk - 1' to signed int 'i' may cause overflow. To address both
issues, cast 'kk' to a signed type before subtraction to ensure
safe arithmetic and assignment.
Fixed:
This patch resolved a minor issue spotted by Coverity:
a983d36bd917 gnulib/regexec: Resolve unused variable
But, it was removed by the gnulib update:
2b7902459803 Update gnulib version and drop most gnulib patches
It caused Coverity to continue to flag the issue. Daniel Kiper
suggested to br
In grub_cmd_initrd(), memory is allocated for variable initrd_ctx
before calling grub_relocator_alloc_chunk_align_safe(). When the
function call fails, initrd_ctx should be freed before exiting
grub_cmd_initrd().
Fixes: CID 473852
Signed-off-by: Lidong Chen
---
grub-core/loader/i386/pc/linux.c
Commit 40e261b89b71 ensures that the variable len is at least 2.
As a result, GetLenToPosState(len) never returns a value greater
than or equal to kNumLenToPosStates, making the changes introduced
in the commit 16c0dbf4bc6a unreachable and no longer necessary.
This reverts commit 16c0dbf4bc6a953c4
In LzmaEnc_CodeOneBlock(), both GetOptimumFast() and GetOptimum()
return a value greater than or equal to 1, which is assigned to
'len'. But since LZMA_MATCH_LEN_MIN == 2, 'len' should be validated
before performing "len - LZMA_MATCH_LEN_MIN" to avoid underflow
when 'len' equals 1.
Fixed: CID 51
> On Jun 10, 2025, at 11:13 AM, Ross Philipson
> wrote:
>
> On 6/10/25 10:47 AM, Lidong Chen wrote:
>> In LzmaEnc_CodeOneBlock(), both GetOptimumFast() and GetOptimum()
>> return a value greater than or equal to 1, which is assigned to
>> 'len'. But since LZMA_MATCH_LEN_MIN == 2, 'len' should b
In LzmaEnc_CodeOneBlock(), both GetOptimumFast() and GetOptimum()
return a value greater than or equal to 1, which is assigned to
'len'. But since LZMA_MATCH_LEN_MIN == 2, 'len' should be validated
before performing "len - LZMA_MATCH_LEN_MIN" to avoid underflow
when 'len' equals 1.
Fixed: CID 51
16 matches