From: Pavel Roskin
To: The development of GRUB 2
Subject: Re: a bug in read
Date: Wed, 09 Jul 2008 02:14:32 -0400
Message-Id: <1215584072.31230.9.camel@dv>
In-Reply-To: <200807080018.35215.okuji@enbug.org>

On Tue, 2008-07-08 at 00:18 +0200, Yoshinori K. Okuji wrote:
> Hello,
>
> I have noticed that read.c has a bug. In this line:
>
> while ((line[i - 1] != '\n') && (line[i - 1] != '\r'))
>
> LINE is not initialized yet at the first time, so this refers to an
> uninitialized location.

Thank you! What's worse, i is 0, so we are reading outside the buffer.

I think this patch should do what the code was meant to do:

diff --git a/commands/read.c b/commands/read.c index 1995918..96519f8 100644 --- a/commands/read.c +++ b/commands/read.c @@ -30,15 +30,16 @@ grub_getline (void) int i; char *line; char *tmp; + char last = 0; i = 0; line = grub_malloc (1 + i + sizeof('\0')); if (! line) return NULL; - while ((line[i - 1] != '\n') && (line[i - 1] != '\r')) + while ((last != '\n') && (last != '\r')) { - line[i] = grub_getkey (); + last = line[i] = grub_getkey (); if (grub_isprint (line[i])) grub_putchar (line[i]); i++;

We should test all grub utilities in Valgrind to find such problems.

By the way, read is not a part of grub-emu. We'll need to improve the build system to make such oversights less likely. We also need "exit" in grub-emu, as "reboot" doesn't sound right.

--
Regards,
Pavel Roskin
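
Review bot: In the added line `last = line[i] = grub_getkey ();` the loop terminator is tested on the value after it has been narrowed by the store into `line[i]` (a char), not on what grub_getkey () returned. The hunk does not show that function's return type, but if it is wider than char, a non-character key whose low byte happens to be 0x0a or 0x0d would end the line. Consider reading the key into a local of the function's return type, testing that in the loop condition, and only then storing it into the buffer. Separately, `char last = 0;` works only because 0 is neither '\n' nor '\r'; a do/while loop around the same body would express "read at least one key, then test it" without the sentinel, and a short comment on why `line[i - 1]` was replaced would help the next reader avoid reintroducing the out-of-bounds read at i == 0.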