cgptlib: Always zero-initialize GPT entries buffers
ClusterFuzz still managed to find cases where we try to CRC a GPT
entries buffer that wasn't initialized. Not that that's really an issue
or anything... but this patch should shut it up.
BRANCH=none
BUG=chromium:1155876
TEST=none
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I3d0b4f34693d87b66513f398dd13441aba543c3a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2580110
Reviewed-by: Joel Kitching <kitching@chromium.org>
diff --git a/firmware/lib/gpt_misc.c b/firmware/lib/gpt_misc.c
index a0b0122..641ef37 100644
--- a/firmware/lib/gpt_misc.c
+++ b/firmware/lib/gpt_misc.c
@@ -35,6 +35,11 @@
gptdata->primary_entries = (uint8_t *)malloc(GPT_ENTRIES_ALLOC_SIZE);
gptdata->secondary_entries = (uint8_t *)malloc(GPT_ENTRIES_ALLOC_SIZE);
+ /* In some cases we try to validate header1 with entries2 or vice versa,
+ so make sure the entries buffers always got fully initialized. */
+ memset(gptdata->primary_entries, 0, GPT_ENTRIES_ALLOC_SIZE);
+ memset(gptdata->secondary_entries, 0, GPT_ENTRIES_ALLOC_SIZE);
+
if (gptdata->primary_header == NULL ||
gptdata->secondary_header == NULL ||
gptdata->primary_entries == NULL ||
@@ -66,7 +71,6 @@
entries_sectors,
gptdata->primary_entries)) {
VB2_DEBUG("Read error in primary GPT entries\n");
- memset(gptdata->primary_entries, 0, entries_bytes);
primary_valid = 0;
}
} else {
@@ -103,7 +107,6 @@
entries_sectors,
gptdata->secondary_entries)) {
VB2_DEBUG("Read error in secondary GPT entries\n");
- memset(gptdata->secondary_entries, 0, entries_bytes);
secondary_valid = 0;
}
} else {
