nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0431-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch

80913e
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
80913e
From: Daniel Axtens <dja@axtens.net>
80913e
Date: Fri, 22 Jan 2021 16:18:26 +1100
80913e
Subject: [PATCH] script/execute: Don't crash on a "for" loop with no items
80913e
80913e
The following crashes the parser:
80913e
80913e
  for x in; do
80913e
  0
80913e
  done
80913e
80913e
This is because grub_script_arglist_to_argv() doesn't consider the
80913e
possibility that arglist is NULL. Catch that explicitly.
80913e
80913e
This avoids a NULL pointer dereference.
80913e
80913e
Signed-off-by: Daniel Axtens <dja@axtens.net>
80913e
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
80913e
---
80913e
 grub-core/script/execute.c | 3 +++
80913e
 1 file changed, 3 insertions(+)
80913e
80913e
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
b32e65
index 17f4dcab2..266d99ed3 100644
80913e
--- a/grub-core/script/execute.c
80913e
+++ b/grub-core/script/execute.c
80913e
@@ -658,6 +658,9 @@ grub_script_arglist_to_argv (struct grub_script_arglist *arglist,
80913e
   struct grub_script_arg *arg = 0;
80913e
   struct grub_script_argv result = { 0, 0, 0 };
80913e
 
80913e
+  if (arglist == NULL)
80913e
+    return 1;
80913e
+
80913e
   for (; arglist && arglist->arg; arglist = arglist->next)
80913e
     {
80913e
       if (grub_script_argv_next (&result))