[Gptfdisk-general] Out of bounds write in ReadLogicalParts of basicmbr.cc (CVE-2021-0308)
From: Jonas W. <dia...@ar...> - 2021-01-12 08:19:22
Hi,

according to [1], a possible out of bounds write was found in GPT fdisk. This has been patched downstream in Android [2] and the patch is available at [3]. However, I couldn't find this commit or an equivalent workaround in the upstream repository on SourceForge [4].

Should the patch be applied upstream as well?

Best,
Jonas

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0308
[2] https://source.android.com/security/bulletin/2021-01-01
[3] https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5%5E!
[4] https://sourceforge.net/p/gptfdisk/code/ci/master/tree/basicmbr.cc#l293