File 0007-libgcrypt-Fix-Coverity-warnings.patch of Package grub2

From e23704ad48ab51a9b4bbe1ef218990b55c28f0e2 Mon Sep 17 00:00:00 2001
From: Vladimir Serbinenko <phcoder@gmail.com>
Date: Mon, 7 Jul 2025 14:52:13 +0000
Subject: [PATCH 07/14] libgcrypt: Fix Coverity warnings

Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 .../libgcrypt-patches/03_mpiutil_alloc.patch  | 18 ++++++++++
 .../lib/libgcrypt-patches/03_sexp_free.patch  | 35 +++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
 create mode 100644 grub-core/lib/libgcrypt-patches/03_sexp_free.patch

diff --git a/grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch b/grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
new file mode 100644
index 000000000..42c6b2bd7
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
@@ -0,0 +1,18 @@
+mpiutil: Fix NULL pointer dereference in case of failed alloc
+
+Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
+
+diff --git a/grub-core/lib/libgcrypt/mpi/mpiutil.c b/grub-core/lib/libgcrypt/mpi/mpiutil.c
+index 3a372374f..dc53db09d 100644
+--- a/grub-core/lib/libgcrypt-grub/mpi/mpiutil.c
++++ b/grub-core/lib/libgcrypt-grub/mpi/mpiutil.c
+@@ -432,6 +432,9 @@ _gcry_mpi_alloc_like( gcry_mpi_t a )
+ 	int n = (a->sign+7)/8;
+ 	void *p = _gcry_is_secure(a->d)? xtrymalloc_secure (n)
+                                        : xtrymalloc (n);
++	if ( !p ) {
++            _gcry_fatal_error (GPG_ERR_ENOMEM, NULL);
++	}
+ 	memcpy( p, a->d, n );
+ 	b = mpi_set_opaque( NULL, p, a->sign );
+     }
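Review bot: The added `if ( !p )` check also fires when `n` is 0, because `n = (a->sign+7)/8` is zero for a zero-bit opaque value and an allocator may return NULL for a zero-size request; an empty opaque MPI would then end in a fatal error instead of an empty copy. If that case can reach `_gcry_mpi_alloc_like`, handle it explicitly, for example `if ( !p && n )` together with `if ( n ) memcpy( p, a->d, n );`. The check only protects the `memcpy` if `_gcry_fatal_error` never returns in the GRUB build, which a short comment such as `/* _gcry_fatal_error does not return. */` would make explicit. The embedded header is also inconsistent: the `diff --git` line names `libgcrypt/mpi/mpiutil.c` while the `---`/`+++` lines name `libgcrypt-grub/mpi/mpiutil.c`, and `03_sexp_free.patch` has the same mismatch. The function body starts and ends outside the hunk.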
diff --git a/grub-core/lib/libgcrypt-patches/03_sexp_free.patch b/grub-core/lib/libgcrypt-patches/03_sexp_free.patch
new file mode 100644
index 000000000..1c0ffd644
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/03_sexp_free.patch
@@ -0,0 +1,35 @@
+sexp: Add missing free on error path
+
+Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
+
+diff --git a/grub-core/lib/libgcrypt/src/sexp.c b/grub-core/lib/libgcrypt/src/sexp.c
+index d15f1a790..250559f75 100644
+--- a/grub-core/lib/libgcrypt-grub/src/sexp.c
++++ b/grub-core/lib/libgcrypt-grub/src/sexp.c
+@@ -1157,6 +1157,17 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                               }                                            \
+                        } while (0)
+ 
++#define MAKE_SPACE_EXTRA_CLEANUP(n, cleanup)  do {				\
++                            gpg_err_code_t _ms_err = make_space (&c, (n)); \
++                            if (_ms_err)                                   \
++                              {                                            \
++                                err = _ms_err;                             \
++                                *erroff = p - buffer;                      \
++				cleanup;				   \
++                                goto leave;                                \
++                              }                                            \
++                       } while (0)
++
+   /* The STORE_LEN macro is used to store the length N at buffer P. */
+ #define STORE_LEN(p,n) do {						   \
+ 			    DATALEN ashort = (n);			   \
+@@ -1368,7 +1379,7 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                   goto leave;
+                 }
+ 
+-              MAKE_SPACE (datalen);
++              MAKE_SPACE_EXTRA_CLEANUP (datalen, xfree (b64buf));
+               *c.pos++ = ST_DATA;
+               STORE_LEN (c.pos, datalen);
+               for (i = 0; i < datalen; i++)
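Review bot: `MAKE_SPACE_EXTRA_CLEANUP` is added without a comment, although it pastes its `cleanup` argument in as a statement and appears to duplicate the body of the macro that ends just above it; a one-line comment such as `/* Like MAKE_SPACE, but runs CLEANUP before jumping to leave on failure. */` would state the contract. At the call site `b64buf` is left dangling after `xfree (b64buf)`, and the code at `leave` is outside the hunk, so it is worth confirming that nothing there frees or reads it again. The `cleanup;` line is indented with tabs while the rest of the macro body uses spaces. `do_vsexp_sscan` extends beyond both inner hunks, so the other error exits between the allocation of `b64buf` and this call are not visible here.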
-- 
2.43.0
