Blame SOURCES/0429-script-execute-Avoid-crash-when-using-outside-a-func.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Mon, 11 Jan 2021 17:30:42 +1100
Subject: [PATCH] script/execute: Avoid crash when using "$#" outside a
 function scope

"$#" represents the number of arguments to a function. It is only
defined in a function scope, where "scope" is non-NULL. Currently,
if we attempt to evaluate "$#" outside a function scope, "scope" will
be NULL and we will crash with a NULL pointer dereference.

Do not attempt to count arguments for "$#" if "scope" is NULL. This
will result in "$#" being interpreted as an empty string if evaluated
outside a function scope.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/script/execute.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index 2e47c0467..17f4dcab2 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -519,7 +519,7 @@ gettext_putvar (const char *str, grub_size_t len,
     return 0;
 
   /* Enough for any number.  */
-  if (len == 1 && str[0] == '#')
+  if (len == 1 && str[0] == '#' && scope != NULL)
     {
       grub_snprintf (*ptr, 30, "%u", scope->argv.argc);
       *ptr += grub_strlen (*ptr);
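
Review bot: the added `scope != NULL` test in the `'#'` condition makes a NULL scope skip this block and continue into whatever follows it, which these lines do not show, so the "empty string" result promised in the commit message rests on that later path never reading `scope`. A short comment beside the condition stating that "$#" outside a function scope expands to nothing would record the intent, and it is worth confirming that no other special-variable handling in this file dereferences `scope` without the same guard.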