If the last non-NULL byte of 'buf' is not a white-space character (such as when a read line is longer than the size of 'buf'), then 'p' will eventually point to the byte after the last byte in 'buf', after which 'p' will be dereferenced in the while conditional, leading to an out-of-bounds read. Make sure that 'p' is inside 'buf' before dereferencing it.
Signed-off-by: Glenn Washburn <developm...@efficientek.com> --- util/resolve.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/resolve.c b/util/resolve.c index 3e887d2ff..5e9afa10c 100644 --- a/util/resolve.c +++ b/util/resolve.c @@ -102,7 +102,7 @@ read_dep_list (FILE *fp) dep_list = dep; /* Add dependencies. */ - while (*p) + while (p < (buf + sizeof (buf)) && *p) { struct mod_list *mod; char *name; -- 2.27.0 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
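Review bot: The new condition `while (p < (buf + sizeof (buf)) && *p)` is only a correct bound if `buf` is a character array declared in `read_dep_list` itself; the declaration is outside this hunk, and if `buf` were a pointer or a parameter, `sizeof (buf)` would be the pointer size and the check would cut the loop short or still allow the over-read. Please confirm that, and consider a one-line comment above the loop explaining why `p` can reach the end of `buf` (per the commit message, a line longer than `buf` with no trailing white space). The guard also covers only the loop head: the statement in the body that advances `p` past the last byte is not shown here, so it is worth checking that nothing in the body dereferences `p` after that advance and before control returns to this condition, or moving the bounds check to the point where `p` is advanced.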