execute: Fix potential underflow and NULL dereference

Daniel Kiper via Grub-devel Tue, 18 Feb 2025 10:07:06 -0800

From: Lidong Chen <lidong.c...@oracle.com>

The result is initialized to 0 in grub_script_arglist_to_argv().
If the for loop condition is not met both result.args and result.argc
remain 0 causing result.argc - 1 to underflow and/or result.args NULL
dereference. Fix the issues by adding relevant checks.


Fixes: CID 473880

Signed-off-by: Lidong Chen <lidong.c...@oracle.com>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
---
 grub-core/script/execute.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index e1450f45d..a86e0051f 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -760,6 +760,9 @@ cleanup:
        }
     }
 
+  if (result.args == NULL || result.argc == 0)
+    goto fail;
+
   if (! result.args[result.argc - 1])
     result.argc--;
 
-- 
2.11.0


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[SECURITY PATCH 65/73] script/execute: Fix potential underflow and NULL dereference

Reply via email to