[PATCH] normal/charset: Fix underflow and overflow in loop init

Lidong Chen via Grub-devel Wed, 18 Jun 2025 12:26:00 -0700

In bidi_line_wrap(), "kk - 1" in the for loop init, "i = kk - 1",
underflows when 'kk' (unsigned int) is 0. Assigning the result of
'kk - 1' to signed int 'i' may cause overflow. To address both
issues, cast 'kk' to a signed type before subtraction to ensure
safe arithmetic and assignment.


Fixed: CID 473874

Signed-off-by: Lidong Chen <lidong.c...@oracle.com>
---
 grub-core/normal/charset.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c
index 4f6647116..a321c8438 100644
--- a/grub-core/normal/charset.c
+++ b/grub-core/normal/charset.c
@@ -738,7 +738,7 @@ bidi_line_wrap (struct grub_unicode_glyph *visual_out,
          {
            int right_join = 0;
            signed i;
-           for (i = kk - 1; i >= 0 && (unsigned) i + 1 > line_start;
+           for (i = (signed) kk - 1; i >= 0 && (unsigned) i + 1 > line_start;
                 i--)
              {
                enum grub_join_type join_type = get_join_type (visual[i].base);
-- 
2.34.1


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[PATCH] normal/charset: Fix underflow and overflow in loop init

Reply via email to