* [PATCH] menuentry: Fix for out of bound issue
@ 2025-10-09 9:19 Sudhakar Kuppusamy
2025-10-09 13:11 ` Daniel Kiper
0 siblings, 1 reply; 2+ messages in thread
From: Sudhakar Kuppusamy @ 2025-10-09 9:19 UTC (permalink / raw)
To: grub-devel; +Cc: nayna, ssrish, sridharm, Sudhakar Kuppusamy
A menu entry with an empty title leads to an out-of-bounds access at
ch = src[len - 1] (i.e., `src` is empty and `len` is zero). So, fixing
this by checking the menu entry title length and throwing an error if
the length is zero.
Signed-off-by: Sridhar Markonda <sridharm@linux.ibm.com>
Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
---
grub-core/commands/menuentry.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
index 09749c415..e64bfeec7 100644
--- a/grub-core/commands/menuentry.c
+++ b/grub-core/commands/menuentry.c
@@ -266,6 +266,9 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
if (! argc)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "missing arguments");
+ if (! grub_strlen (args[argc - 1]))
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "menuentry is missing title");
+
if (ctxt->state[3].set && ctxt->script)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "multiple menuentry definitions");
--
2.50.1 (Apple Git-155)
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] menuentry: Fix for out of bound issue
2025-10-09 9:19 [PATCH] menuentry: Fix for out of bound issue Sudhakar Kuppusamy
@ 2025-10-09 13:11 ` Daniel Kiper
0 siblings, 0 replies; 2+ messages in thread
From: Daniel Kiper @ 2025-10-09 13:11 UTC (permalink / raw)
To: Sudhakar Kuppusamy; +Cc: grub-devel, nayna, ssrish, sridharm
On Thu, Oct 09, 2025 at 02:49:39PM +0530, Sudhakar Kuppusamy wrote:
Missing "From: Sridhar Markonda <sridharm@linux.ibm.com>"...
I will add it for you...
> A menu entry with an empty title leads to an out-of-bounds access at
> ch = src[len - 1] (i.e., `src` is empty and `len` is zero). So, fixing
> this by checking the menu entry title length and throwing an error if
> the length is zero.
>
> Signed-off-by: Sridhar Markonda <sridharm@linux.ibm.com>
> Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-10-09 13:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-09 9:19 [PATCH] menuentry: Fix for out of bound issue Sudhakar Kuppusamy
2025-10-09 13:11 ` Daniel Kiper
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).