From 5dc41edc4eba259c6043ae7698c245ec1baaacc6 Mon Sep 17 00:00:00 2001 From: Darren Kenny Date: Thu, 5 Nov 2020 14:33:50 +0000 Subject: [PATCH] util/grub-editenv: Fix incorrect casting of a signed value The return value of ftell() may be negative (-1) on error. While it is probably unlikely to occur, we should not blindly cast to an unsigned value without first testing that it is not negative. Fixes: CID 73856 Signed-off-by: Darren Kenny Reviewed-by: Daniel Kiper Signed-off-by: Stefan Sørensen --- util/grub-editenv.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/util/grub-editenv.c b/util/grub-editenv.c index f3662c9..db6f187 100644 --- a/util/grub-editenv.c +++ b/util/grub-editenv.c @@ -125,6 +125,7 @@ open_envblk_file (const char *name) { FILE *fp; char *buf; + long loc; size_t size; grub_envblk_t envblk; @@ -143,7 +144,12 @@ open_envblk_file (const char *name) grub_util_error (_("cannot seek `%s': %s"), name, strerror (errno)); - size = (size_t) ftell (fp); + loc = ftell (fp); + if (loc < 0) + grub_util_error (_("cannot get file location `%s': %s"), name, + strerror (errno)); + + size = (size_t) loc; if (fseek (fp, 0, SEEK_SET) < 0) grub_util_error (_("cannot seek `%s': %s"), name, -- 2.14.2