|
|
468bd4 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
468bd4 |
From: Daniel Axtens <dja@axtens.net>
|
|
|
468bd4 |
Date: Mon, 11 Jan 2021 17:30:42 +1100
|
|
|
468bd4 |
Subject: [PATCH] script/execute: Avoid crash when using "$#" outside a
|
|
|
468bd4 |
function scope
|
|
|
468bd4 |
|
|
|
468bd4 |
"$#" represents the number of arguments to a function. It is only
|
|
|
468bd4 |
defined in a function scope, where "scope" is non-NULL. Currently,
|
|
|
468bd4 |
if we attempt to evaluate "$#" outside a function scope, "scope" will
|
|
|
468bd4 |
be NULL and we will crash with a NULL pointer dereference.
|
|
|
468bd4 |
|
|
|
468bd4 |
Do not attempt to count arguments for "$#" if "scope" is NULL. This
|
|
|
468bd4 |
will result in "$#" being interpreted as an empty string if evaluated
|
|
|
468bd4 |
outside a function scope.
|
|
|
468bd4 |
|
|
|
468bd4 |
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
468bd4 |
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
|
468bd4 |
---
|
|
|
468bd4 |
grub-core/script/execute.c | 2 +-
|
|
|
468bd4 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
468bd4 |
|
|
|
468bd4 |
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
|
|
|
030dc3 |
index 2e47c046741..17f4dcab2c6 100644
|
|
|
468bd4 |
--- a/grub-core/script/execute.c
|
|
|
468bd4 |
+++ b/grub-core/script/execute.c
|
|
|
468bd4 |
@@ -519,7 +519,7 @@ gettext_putvar (const char *str, grub_size_t len,
|
|
|
468bd4 |
return 0;
|
|
|
468bd4 |
|
|
|
468bd4 |
/* Enough for any number. */
|
|
|
468bd4 |
- if (len == 1 && str[0] == '#')
|
|
|
468bd4 |
+ if (len == 1 && str[0] == '#' && scope != NULL)
|
|
|
468bd4 |
{
|
|
|
468bd4 |
grub_snprintf (*ptr, 30, "%u", scope->argv.argc);
|
|
|
468bd4 |
*ptr += grub_strlen (*ptr);
|