max_glyph_height

Daniel Kiper Tue, 15 Nov 2022 10:03:09 -0800

From: Zhang Boyang <zhangboyang...@gmail.com>

Check glyph's width and height against limits specified in font's
metadata. Reject the glyph (and font) if such limits are exceeded.


Signed-off-by: Zhang Boyang <zhangboyang...@gmail.com>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
---
 grub-core/font/font.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index 42189c325..756ca0abf 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -760,7 +760,9 @@ grub_font_get_glyph_internal (grub_font_t font, 
grub_uint32_t code)
          || read_be_uint16 (font->file, &height) != 0
          || read_be_int16 (font->file, &xoff) != 0
          || read_be_int16 (font->file, &yoff) != 0
-         || read_be_int16 (font->file, &dwidth) != 0)
+         || read_be_int16 (font->file, &dwidth) != 0
+         || width > font->max_char_width
+         || height > font->max_char_height)
        {
          remove_font (font);
          return 0;
-- 
2.11.0


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[SECURITY PATCH 01/13] font: Reject glyphs exceeds font->max_glyph_width or font->max_glyph_height

Reply via email to