:: commit 0af1b2b155b7275d8f56f4b72dc3d69bd55b1449
multiboot2: Add tag size validation to prevent infinite loop
diff --git a/common/protos/multiboot2.c b/common/protos/multiboot2.c
index 64a59b4c..3f113455 100644
--- a/common/protos/multiboot2.c
+++ b/common/protos/multiboot2.c
@@ -139,6 +139,9 @@ noreturn void multiboot2_load(char *config, char* cmdline) {
for (struct multiboot_header_tag *tag = (struct multiboot_header_tag*)(header + 1); // header + 1 to skip the header struct.
tag < (struct multiboot_header_tag *)((uintptr_t)header + header->header_length) && tag->type != MULTIBOOT_HEADER_TAG_END;
tag = (struct multiboot_header_tag *)((uintptr_t)tag + ALIGN_UP(tag->size, MULTIBOOT_TAG_ALIGN))) {
+ if (tag->size == 0) {
+ break;
+ }
bool is_required = !(tag->flags & MULTIBOOT_HEADER_TAG_OPTIONAL);
switch (tag->type) {
case MULTIBOOT_HEADER_TAG_INFORMATION_REQUEST: {
