grub-devel.gnu.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] menuentry: Fix for out of bound issue
@ 2025-10-09  9:19 Sudhakar Kuppusamy
  2025-10-09 13:11 ` Daniel Kiper
  0 siblings, 1 reply; 2+ messages in thread
From: Sudhakar Kuppusamy @ 2025-10-09  9:19 UTC (permalink / raw)
  To: grub-devel; +Cc: nayna, ssrish, sridharm, Sudhakar Kuppusamy

A menu entry with an empty title leads to an out-of-bounds access at
ch = src[len - 1] (i.e., `src` is empty and `len` is zero). So, fixing
this by checking the menu entry title length and throwing an error if
the length is zero.

Signed-off-by: Sridhar Markonda <sridharm@linux.ibm.com>
Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
---
 grub-core/commands/menuentry.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
index 09749c415..e64bfeec7 100644
--- a/grub-core/commands/menuentry.c
+++ b/grub-core/commands/menuentry.c
@@ -266,6 +266,9 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
   if (! argc)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "missing arguments");
 
+  if (! grub_strlen (args[argc - 1]))
+    return grub_error (GRUB_ERR_BAD_ARGUMENT, "menuentry is missing title");
+
   if (ctxt->state[3].set && ctxt->script)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "multiple menuentry definitions");
 
-- 
2.50.1 (Apple Git-155)


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] menuentry: Fix for out of bound issue
  2025-10-09  9:19 [PATCH] menuentry: Fix for out of bound issue Sudhakar Kuppusamy
@ 2025-10-09 13:11 ` Daniel Kiper
  0 siblings, 0 replies; 2+ messages in thread
From: Daniel Kiper @ 2025-10-09 13:11 UTC (permalink / raw)
  To: Sudhakar Kuppusamy; +Cc: grub-devel, nayna, ssrish, sridharm

On Thu, Oct 09, 2025 at 02:49:39PM +0530, Sudhakar Kuppusamy wrote:

Missing "From: Sridhar Markonda <sridharm@linux.ibm.com>"...

I will add it for you...

> A menu entry with an empty title leads to an out-of-bounds access at
> ch = src[len - 1] (i.e., `src` is empty and `len` is zero). So, fixing
> this by checking the menu entry title length and throwing an error if
> the length is zero.
>
> Signed-off-by: Sridhar Markonda <sridharm@linux.ibm.com>
> Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-10-09 13:12 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-09  9:19 [PATCH] menuentry: Fix for out of bound issue Sudhakar Kuppusamy
2025-10-09 13:11 ` Daniel Kiper

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).