The first patch fixes an OOB read bug and the second outputs a less confusing error to the user when the moddep.lst line is too long. Really it would be better to support lines of unlimited length, but I'm not motivated to add that. The condition under which these issues are triggered should never really happen because no module (currently) has enough dependencies to generate such long lines in moddep.lst. I was triggering this under some odd conditions where the all_video module dependency line contained all grub modules. So I think having a max length for moddep.lst lines is reasonable at this point.
Glenn Glenn Washburn (2): util/resolve.c: Do not read past the end of the array in read_dep_list util/resolve.c: Bail with error if moddep lst file line is too long util/resolve.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) -- 2.27.0 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
