Hi Daniel,
On 2025-10-15 09:52, Daniel Kiper wrote:
> On Tue, Oct 14, 2025 at 02:14:18PM -0600, Logan Gunthorpe via Grub-devel
> wrote:
>> + while (len > 0)
>> + {
>> + zstdio->output.size = file->offset + ret + len - current_offset;
>
> Is there any chance for overflow here? If yes then please use safe math
> from include/grub/safemath.h.
My read is that unless we are dealing with files greater than the two
offsets are 64bits and unlikely to ever see a file that doesn't fit.
len is going to be the size of a memory buffer and ret is going to be
less than or equal to ret. So it doesn't seem like an overflow is possible.
>> + grub_size_t delta = new_offset - (file->offset + ret);
>> + grub_memmove (buf, (grub_uint8_t *) zstdio->output.dst +
>> + (zstdio->output.pos - delta),
>
> Safe math? In general please check all math in this patch and use safe
> math macros where needed.
output.pos must be less than outsize which is defined by
ZSTD_DStreamOutSize () and will be much less than even a 32bit type.
delta is by definition less than pos.
(new_offset - file->offset) must be less than len.
This code is very similar to code in xzio.c and did not need any safe
math functions.
Please let me know if you disagree, otherwise I'll send a new version
next week.
Thanks,
Logan
_______________________________________________
Grub-devel mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/grub-devel
