From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with archive (Exim 4.43)
	id 1IpseG-00014b-IQ
	for mharc-grub-devel@gnu.org; Wed, 07 Nov 2007 16:41:20 -0500
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1IpseD-0000zr-Kc
	for grub-devel@gnu.org; Wed, 07 Nov 2007 16:41:17 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1IpseB-0000xc-LB
	for grub-devel@gnu.org; Wed, 07 Nov 2007 16:41:15 -0500
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1IpseB-0000xX-7v
	for grub-devel@gnu.org; Wed, 07 Nov 2007 16:41:15 -0500
Received: from mailout08.sul.t-online.de ([194.25.134.20]
	helo=mailout08.sul.t-online.com)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <Christian.Franke@t-online.de>) id 1IpseA-0006i1-CS
	for grub-devel@gnu.org; Wed, 07 Nov 2007 16:41:14 -0500
Received: from fwd29.aul.t-online.de by mailout08.sul.t-online.com with smtp 
	id 1Ipse8-00078l-02; Wed, 07 Nov 2007 22:41:12 +0100
Received: from [10.3.2.2]
	(rSRikvZG8hKHi2bi-T2p0EfXvSFbwhXqRI7AGgQaOMEPrpchGsl1m+-rFQN-nHagq3@[217.235.198.8])
	by fwd29.aul.t-online.de
	with esmtp id 1Ipse2-1h3mW80; Wed, 7 Nov 2007 22:41:06 +0100
Message-ID: <473230F2.6040305@t-online.de>
Date: Wed, 07 Nov 2007 22:41:06 +0100
From: Christian Franke <Christian.Franke@t-online.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.8.1.6) Gecko/20070802 SeaMonkey/1.1.4
MIME-Version: 1.0
To: grub-devel@gnu.org
Content-Type: multipart/mixed; boundary="------------090609070105050508050207"
X-ID: rSRikvZG8hKHi2bi-T2p0EfXvSFbwhXqRI7AGgQaOMEPrpchGsl1m+-rFQN-nHagq3
X-TOI-MSGID: c8469ec6-932e-4c55-95d4-ae8408b87d1f
X-detected-kernel: by monty-python.gnu.org: Linux 2.6 (newer, 3)
Subject: [PATCH] Avoid crash on empty menu
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The development of GRUB 2 <grub-devel@gnu.org>
List-Id: The development of GRUB 2 <grub-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2007 21:41:18 -0000

This is a multi-part message in MIME format.
--------------090609070105050508050207
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

If grub.cfg does not contain any valid menuentry statements, an empty 
menu is opened.
grub-emu crashes (and real grub behaves "interesting") if the first 
entry is selected.

The attached patch adds the missing nullptr checks.

An alternative would be to treat an empty menu as a syntax error in 
main.c::read_config_file(), at least if !nested.


During testing, I found the following issues:

- If the file does not exist, read_config_file() produces a memory leak, 
because newmenu is allocated first.

- The commands "source FILE" and "configfile FILE" open a nested normal 
mode shell (and produce this leak) if the file is missing. An error 
message should IMO be printed instead.

- The sequence "c" -> "rescue" -> "normal" appends the same entries to 
the existing menu, because the old entry is reused from "menu" data slot.

Thanks for any comment.

Christian

2007-11-07  Christian Franke  <franke@computer.org>

	* normal/menu.c (menu_run): Check for empty menu to avoid crash.
	(grub_run_menu): Likewise.



--------------090609070105050508050207
Content-Type: text/x-patch;
 name="grub2-menu-crash.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="grub2-menu-crash.patch"

--- grub2.orig/normal/menu.c	2007-08-20 16:35:20.000000000 +0200
+++ grub2/normal/menu.c	2007-11-07 21:57:44.375000000 +0100
@@ -412,7 +412,11 @@ run_menu (grub_menu_t menu, int nested)
 	      goto refresh;
 
 	    case 'e':
-	      grub_menu_entry_run (get_entry (menu, first + offset));
+		{
+		  grub_menu_entry_t e = get_entry (menu, first + offset);
+		  if (e)
+		    grub_menu_entry_run (e);
+		}
 	      goto refresh;
 	      
 	    default:
@@ -451,10 +455,13 @@ grub_menu_run (grub_menu_t menu, int nes
       if (boot_entry < 0)
 	break;
 
+      e = get_entry (menu, boot_entry);
+      if (! e)
+	continue; /* menu is empty */
+	
       grub_cls ();
       grub_setcursor (1);
 
-      e = get_entry (menu, boot_entry);
       grub_printf ("  Booting \'%s\'\n\n", e->title);
   
       run_menu_entry (e);

--------------090609070105050508050207--