> On 19 Nov 2025, at 5:41 PM, Daniel Kiper <[email protected]> wrote: > > On Wed, Nov 19, 2025 at 03:23:53PM +0530, Sudhakar Kuppusamy wrote: >>> On 19 Nov 2025, at 2:26 PM, Avnish Chouhan <[email protected]> wrote: >>> On 2025-11-18 22:31, [email protected] wrote: >>>> Message: 2 >>>> Date: Tue, 18 Nov 2025 19:55:39 +0530 >>>> From: Sudhakar Kuppusamy <[email protected]> >>>> To: [email protected] >>>> Cc: Sudhakar Kuppusamy <[email protected]>, [email protected], >>>> [email protected], [email protected] >>>> Subject: [PATCH] linux/ofpath: Add missing strdup failure checks >>>> Message-ID: <[email protected]> >>>> Segmentation faults or undefined behaviour may result from a null pointer >>>> dereference in strip_trailing_digits and grub_util_devname_to_ofpath if >>>> strdup() fails. Therefore, I added a NULL check to fix this. >>>> Signed-off-by: Sudhakar Kuppusamy <[email protected]> >>>> --- >>>> grub-core/osdep/linux/ofpath.c | 11 +++++++++++ >>>> 1 file changed, 11 insertions(+) >>>> diff --git a/grub-core/osdep/linux/ofpath.c >>>> b/grub-core/osdep/linux/ofpath.c >>>> index a6153d359..ade5220db 100644 >>>> --- a/grub-core/osdep/linux/ofpath.c >>>> +++ b/grub-core/osdep/linux/ofpath.c >>>> @@ -695,6 +695,9 @@ strip_trailing_digits (const char *p) >>>> char *new, *end; >>>> new = strdup (p); >>>> + if (new == NULL) >>>> + return NULL; >>>> + >>>> end = new + strlen(new) - 1; >>>> while (end >= new) >>>> { >>>> @@ -715,7 +718,15 @@ grub_util_devname_to_ofpath (const char *sys_devname) >>>> device = get_basename (name_buf); >>>> devnode = strip_trailing_digits (name_buf); >>>> + if (devnode == NULL) >>> >>> Hi Sudhakar, >>> >>> This change will lead to a memory leak. You need to add "free (name_buf);" >>> here before retuning! >>> >>>> + return NULL; >>>> + >>>> devicenode = strip_trailing_digits (device); >>>> + if (devicenode == NULL) >>>> + { >>>> + free (devnode); >>> >>> And here too, "free (name_buf);"...... >>> >> >> Thank you Avnish for the review. I will fix it on v1. > > This patch is in. So, please provide a fix on top of it. > > Daniel
Hi Daniel, I could not see this patch in https://cgit.git.savannah.gnu.org/cgit/grub.git/ Thanks, Sudhakar _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
