nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0288-gfxmenu-Fix-double-free-in-load_image.patch

a4d572
From 583a48bca23f7c4e0d691f0e6d065dac61bbfca1 Mon Sep 17 00:00:00 2001
a4d572
From: Alexey Makhalov <amakhalov@vmware.com>
a4d572
Date: Wed, 8 Jul 2020 20:41:56 +0000
a4d572
Subject: [PATCH 288/314] gfxmenu: Fix double free in load_image()
a4d572
a4d572
self->bitmap should be zeroed after free. Otherwise, there is a chance
a4d572
to double free (USE_AFTER_FREE) it later in rescale_image().
a4d572
a4d572
Fixes: CID 292472
a4d572
a4d572
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
a4d572
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
a4d572
Upstream-commit-id: 5d3e84b15a4
a4d572
---
a4d572
 grub-core/gfxmenu/gui_image.c | 5 ++++-
a4d572
 1 file changed, 4 insertions(+), 1 deletion(-)
a4d572
a4d572
diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c
a4d572
index 29784ed2d9a..6b2e976f16e 100644
a4d572
--- a/grub-core/gfxmenu/gui_image.c
a4d572
+++ b/grub-core/gfxmenu/gui_image.c
a4d572
@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path)
a4d572
     return grub_errno;
a4d572
 
a4d572
   if (self->bitmap && (self->bitmap != self->raw_bitmap))
a4d572
-    grub_video_bitmap_destroy (self->bitmap);
a4d572
+    {
a4d572
+      grub_video_bitmap_destroy (self->bitmap);
a4d572
+      self->bitmap = 0;
a4d572
+    }
a4d572
   if (self->raw_bitmap)
a4d572
     grub_video_bitmap_destroy (self->raw_bitmap);
a4d572
 
a4d572
-- 
a4d572
2.26.2
a4d572