nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0431-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch

468bd4
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
468bd4
From: Daniel Axtens <dja@axtens.net>
468bd4
Date: Fri, 22 Jan 2021 16:18:26 +1100
468bd4
Subject: [PATCH] script/execute: Don't crash on a "for" loop with no items
468bd4
468bd4
The following crashes the parser:
468bd4
468bd4
  for x in; do
468bd4
  0
468bd4
  done
468bd4
468bd4
This is because grub_script_arglist_to_argv() doesn't consider the
468bd4
possibility that arglist is NULL. Catch that explicitly.
468bd4
468bd4
This avoids a NULL pointer dereference.
468bd4
468bd4
Signed-off-by: Daniel Axtens <dja@axtens.net>
468bd4
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
468bd4
---
468bd4
 grub-core/script/execute.c | 3 +++
468bd4
 1 file changed, 3 insertions(+)
468bd4
468bd4
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
09e3cc
index 17f4dcab2..266d99ed3 100644
468bd4
--- a/grub-core/script/execute.c
468bd4
+++ b/grub-core/script/execute.c
468bd4
@@ -658,6 +658,9 @@ grub_script_arglist_to_argv (struct grub_script_arglist *arglist,
468bd4
   struct grub_script_arg *arg = 0;
468bd4
   struct grub_script_argv result = { 0, 0, 0 };
468bd4
 
468bd4
+  if (arglist == NULL)
468bd4
+    return 1;
468bd4
+
468bd4
   for (; arglist && arglist->arg; arglist = arglist->next)
468bd4
     {
468bd4
       if (grub_script_argv_next (&result))