From 8576d0177fb3b5eaf8500f0bcd41d8ccf6992e33 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 12:20:25 +0000
Subject: [PATCH 1/2] Initial plan


From 185ca043d94c9ed762c72003cc158fcb5c9c4779 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 12:22:26 +0000
Subject: [PATCH 2/2] [drivers][block][efi] Fix GPT partition entry underflow
 vulnerability

Co-authored-by: BernardXiong <1241087+BernardXiong@users.noreply.github.com>
---
 components/drivers/block/partitions/efi.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/components/drivers/block/partitions/efi.c b/components/drivers/block/partitions/efi.c
index 22f6ba16591..a2947bdeda2 100644
--- a/components/drivers/block/partitions/efi.c
+++ b/components/drivers/block/partitions/efi.c
@@ -454,9 +454,13 @@ static rt_bool_t is_gpt_valid(struct rt_blk_disk *disk,
  */
 rt_inline rt_bool_t is_pte_valid(const gpt_entry *pte, const rt_size_t lastlba)
 {
+    rt_uint64_t start = rt_le64_to_cpu(pte->starting_lba);
+    rt_uint64_t end = rt_le64_to_cpu(pte->ending_lba);
+
     if ((!efi_guidcmp(pte->partition_type_guid, NULL_GUID)) ||
-        rt_le64_to_cpu(pte->starting_lba) > lastlba ||
-        rt_le64_to_cpu(pte->ending_lba) > lastlba)
+        start > lastlba ||
+        end > lastlba ||
+        end < start)
     {
         return RT_FALSE;
     }