From 4a8d9c69050bd01a0be66695fea3b35b72f5a425 Mon Sep 17 00:00:00 2001
From: kamillo
Date: Fri, 17 Feb 2023 22:02:22 +0100
Subject: [PATCH] Fix segfault when passed --index is greater than current boot order size

Size of the order entry size (uint16_t) hasn't been taken into account for all calculations and caused memory corruption.

Signed-off-by: kamillo
---
 src/efibootmgr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/efibootmgr.c b/src/efibootmgr.c
index 255f61f..ded21a1 100644
--- a/src/efibootmgr.c
+++ b/src/efibootmgr.c
@@ -420,8 +420,8 @@ add_to_order(const char *name, uint16_t num, uint16_t insert_at)
 return -1;
 if (insert_at != 0) {
- if (insert_at > order->data_size)
- insert_at = order->data_size;
+ if (insert_at * sizeof(uint16_t) > order->data_size)
+ insert_at = order->data_size / sizeof(uint16_t);
 memcpy(new_data, old_data, insert_at * sizeof(uint16_t));
 }
 new_data[insert_at] = num;
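Review bot: The bytes-versus-entries conversion is still written out separately in the comparison, the clamp and the `memcpy` length, which is the kind of unit mix the commit message blames for the memory corruption. Computing the entry count once, `size_t count = order->data_size / sizeof(uint16_t);` followed by `if (insert_at > count) insert_at = count;`, keeps the unit in one place and makes the bound on `new_data[insert_at]` easy to audit. The division also truncates silently if `order->data_size` is ever odd; since the boot order contents are read from variable storage rather than built here, rejecting a size that is not a multiple of `sizeof(uint16_t)` before indexing would be safer. add_to_order starts and ends outside this hunk, so any later arithmetic that combines `insert_at` with `order->data_size` should be checked for the same entries-versus-bytes confusion.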