nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0429-script-execute-Avoid-crash-when-using-outside-a-func.patch

468bd4
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
468bd4
From: Daniel Axtens <dja@axtens.net>
468bd4
Date: Mon, 11 Jan 2021 17:30:42 +1100
468bd4
Subject: [PATCH] script/execute: Avoid crash when using "$#" outside a
468bd4
 function scope
468bd4
468bd4
"$#" represents the number of arguments to a function. It is only
468bd4
defined in a function scope, where "scope" is non-NULL. Currently,
468bd4
if we attempt to evaluate "$#" outside a function scope, "scope" will
468bd4
be NULL and we will crash with a NULL pointer dereference.
468bd4
468bd4
Do not attempt to count arguments for "$#" if "scope" is NULL. This
468bd4
will result in "$#" being interpreted as an empty string if evaluated
468bd4
outside a function scope.
468bd4
468bd4
Signed-off-by: Daniel Axtens <dja@axtens.net>
468bd4
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
468bd4
---
468bd4
 grub-core/script/execute.c | 2 +-
468bd4
 1 file changed, 1 insertion(+), 1 deletion(-)
468bd4
468bd4
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
030dc3
index 2e47c046741..17f4dcab2c6 100644
468bd4
--- a/grub-core/script/execute.c
468bd4
+++ b/grub-core/script/execute.c
468bd4
@@ -519,7 +519,7 @@ gettext_putvar (const char *str, grub_size_t len,
468bd4
     return 0;
468bd4
 
468bd4
   /* Enough for any number.  */
468bd4
-  if (len == 1 && str[0] == '#')
468bd4
+  if (len == 1 && str[0] == '#' && scope != NULL)
468bd4
     {
468bd4
       grub_snprintf (*ptr, 30, "%u", scope->argv.argc);
468bd4
       *ptr += grub_strlen (*ptr);