Fix segfault when passed --index is greater than current boot order size

Size of the order entry size (uint16_t) hasn't been taken into account for all calculations and caused memory corruption. Signed-off-by: kamillo <[email protected]>
rhboot · Feb 20, 2023 · 4a8d9c6 · 4a8d9c6
1 parent b0f8108
commit 4a8d9c6
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/efibootmgr.c b/src/efibootmgr.c
@@ -420,8 +420,8 @@ add_to_order(const char *name, uint16_t num, uint16_t insert_at)
 		return -1;
 
 	if (insert_at != 0) {
-		if (insert_at > order->data_size)
-			insert_at = order->data_size;
+		if (insert_at * sizeof(uint16_t) > order->data_size)
+			insert_at = order->data_size / sizeof(uint16_t);
 		memcpy(new_data, old_data, insert_at * sizeof(uint16_t));
 	}
 	new_data[insert_at] = num;