Segmentation faults or undefined behaviour may result from a null pointer dereference in strip_trailing_digits and grub_util_devname_to_ofpath if strdup() fails. Therefore, I added a NULL check to fix this.
Signed-off-by: Sudhakar Kuppusamy <[email protected]> Reviewed-by: Srish Srinivasan <[email protected]> --- grub-core/osdep/linux/ofpath.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c index a6153d359..a3747b248 100644 --- a/grub-core/osdep/linux/ofpath.c +++ b/grub-core/osdep/linux/ofpath.c @@ -695,6 +695,9 @@ strip_trailing_digits (const char *p) char *new, *end; new = strdup (p); + if (new == NULL) + return NULL; + end = new + strlen(new) - 1; while (end >= new) { @@ -709,13 +712,18 @@ strip_trailing_digits (const char *p) char * grub_util_devname_to_ofpath (const char *sys_devname) { - char *name_buf, *device, *devnode, *devicenode, *ofpath; + char *name_buf, *device, *devnode, *devicenode, *ofpath = NULL; name_buf = xrealpath (sys_devname); device = get_basename (name_buf); devnode = strip_trailing_digits (name_buf); + if (devnode == NULL) + goto devnode_fail + devicenode = strip_trailing_digits (device); + if (devicenode == NULL) + goto devicenode_fail; if (device[0] == 'h' && device[1] == 'd') ofpath = of_path_of_ide(name_buf, device, devnode, devicenode); @@ -741,8 +749,10 @@ grub_util_devname_to_ofpath (const char *sys_devname) ofpath = NULL; } - free (devnode); free (devicenode); + devicenode_fail: + free (devnode); + devnode_fail: free (name_buf); return ofpath; -- 2.50.1 (Apple Git-155) _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
