From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Alec Brown Date: Wed, 22 Jan 2025 02:55:11 +0000 Subject: [PATCH] disk: Check if returned pointer for allocated memory is NULL When using grub_malloc(), grub_zalloc() or grub_calloc(), these functions can fail if we are out of memory. After allocating memory we should check if these functions returned NULL and handle this error if they did. On the occasion make a NULL check in ATA code more obvious. Signed-off-by: Alec Brown Reviewed-by: Daniel Kiper --- grub-core/disk/ata.c | 4 ++-- grub-core/disk/ldm.c | 6 ++++++ grub-core/disk/lvm.c | 14 ++++++++++++++ grub-core/disk/memdisk.c | 2 ++ 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/grub-core/disk/ata.c b/grub-core/disk/ata.c index 8ba4e5c50..65d24103e 100644 --- a/grub-core/disk/ata.c +++ b/grub-core/disk/ata.c @@ -112,10 +112,10 @@ grub_ata_identify (struct grub_ata *dev) return grub_atapi_identify (dev); info64 = grub_malloc (GRUB_DISK_SECTOR_SIZE); + if (info64 == NULL) + return grub_errno; info32 = (grub_uint32_t *) info64; info16 = (grub_uint16_t *) info64; - if (! info16) - return grub_errno; grub_memset (&parms, 0, sizeof (parms)); parms.buffer = info16; diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c index 973fbfdcb..1510fb35a 100644 --- a/grub-core/disk/ldm.c +++ b/grub-core/disk/ldm.c @@ -292,6 +292,12 @@ make_vg (grub_disk_t disk, } pv->id.uuid = grub_malloc (sz); + if (pv->id.uuid == NULL) + { + grub_free (pv->internal_id); + grub_free (pv); + goto fail2; + } grub_memcpy (pv->id.uuid, ptr + 1, pv->id.uuidlen); pv->id.uuid[pv->id.uuidlen] = 0; diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c index 47a89e6d0..4fce7f226 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -332,6 +332,8 @@ error_parsing_metadata: break; pv = grub_zalloc (sizeof (*pv)); + if (pv == NULL) + goto fail4; q = p; while (*q != ' ' && q < mda_end) q++; @@ -341,6 +343,8 @@ error_parsing_metadata: s = q - p; pv->name = grub_malloc (s + 1); + if (pv->name == NULL) + goto pvs_fail_noname; grub_memcpy (pv->name, p, s); pv->name[s] = '\0'; @@ -413,6 +417,8 @@ error_parsing_metadata: break; lv = grub_zalloc (sizeof (*lv)); + if (lv == NULL) + goto fail4; q = p; while (*q != ' ' && q < mda_end) @@ -508,6 +514,8 @@ error_parsing_metadata: goto lvs_fail; } lv->segments = grub_calloc (lv->segment_count, sizeof (*seg)); + if (lv->segments == NULL) + goto lvs_fail; seg = lv->segments; for (i = 0; i < lv->segment_count; i++) @@ -575,6 +583,8 @@ error_parsing_metadata: seg->nodes = grub_calloc (seg->node_count, sizeof (*stripe)); + if (seg->nodes == NULL) + goto lvs_segment_fail; stripe = seg->nodes; p = grub_strstr (p, "stripes = ["); @@ -635,6 +645,8 @@ error_parsing_metadata: } seg->nodes = grub_calloc (seg->node_count, sizeof (seg->nodes[0])); + if (seg->nodes == NULL) + goto lvs_segment_fail; p = grub_strstr (p, "mirrors = ["); if (p == NULL) @@ -723,6 +735,8 @@ error_parsing_metadata: } seg->nodes = grub_calloc (seg->node_count, sizeof (seg->nodes[0])); + if (seg->nodes == NULL) + goto lvs_segment_fail; p = grub_strstr (p, "raids = ["); if (p == NULL) diff --git a/grub-core/disk/memdisk.c b/grub-core/disk/memdisk.c index 18863305e..63fc8f1a6 100644 --- a/grub-core/disk/memdisk.c +++ b/grub-core/disk/memdisk.c @@ -103,6 +103,8 @@ GRUB_MOD_INIT(memdisk) return; } memdisk_addr = grub_malloc (memdisk_size); + if (memdisk_addr == NULL) + return; grub_dprintf ("memdisk", "Copying memdisk image to dynamic memory\n"); grub_memmove (memdisk_addr, memdisk_orig_addr, memdisk_size);