From: Daniel Axtens <d...@axtens.net> This is an ugly fix that doesn't address why gzio->tl comes to be NULL. However, it seems to be sufficient to patch up a bunch of NULL derefs.
It would be good to revisit this in future and see if we can have a cleaner solution that addresses some of the causes of the unexpected NULL pointers.
Signed-off-by: Daniel Axtens <d...@axtens.net>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
---
 grub-core/io/gzio.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
index 43d98a7bd..4a8eaeae2 100644
--- a/grub-core/io/gzio.c
+++ b/grub-core/io/gzio.c
@@ -669,6 +669,13 @@ inflate_codes_in_window (grub_gzio_t gzio)
 {
 if (! gzio->code_state)
 {
+
+ if (gzio->tl == NULL)
+ {
+ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
+ return 1;
+ }
+
 NEEDBITS ((unsigned) gzio->bl);
 if ((e = (t = gzio->tl + ((unsigned) b & ml))->e) > 16)
 do
@@ -707,6 +714,12 @@ inflate_codes_in_window (grub_gzio_t gzio)
 n = t->v.n + ((unsigned) b & mask_bits[e]);
 DUMPBITS (e);
+ if (gzio->td == NULL)
+ {
+ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->td");
+ return 1;
+ }
+
 /* decode distance of block to copy */
 NEEDBITS ((unsigned) gzio->bd);
 if ((e = (t = gzio->td + ((unsigned) b & md))->e) > 16)
@@ -917,6 +930,13 @@ init_dynamic_block (grub_gzio_t gzio)
 n = nl + nd;
 m = mask_bits[gzio->bl];
 i = l = 0;
+
+ if (gzio->tl == NULL)
+ {
+ grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
+ return;
+ }
+
 while ((unsigned) i < n)
 {
 NEEDBITS ((unsigned) gzio->bl);
--
2.11.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
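Review bot: The guard added at the top of the `! gzio->code_state` branch in inflate_codes_in_window carries no comment explaining why `gzio->tl` can be NULL there, and the description says the cause is untraced, so a later cleanup could remove it as dead code; the same applies to the `gzio->td` guard in the second hunk. A comment above each, such as `/* gzio->tl is unexpectedly NULL for some inputs (cause not yet traced); treat it as bad compressed data instead of dereferencing. */`, would keep the intent visible. The messages `"NULL gzio->tl"` and `"NULL gzio->td"` name internal fields, so wording that describes the stream (for example `"missing decode table"`) would serve whoever reads the error better. The function body starts and ends outside both hunks.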
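Review bot: The bare `return;` added in init_dynamic_block signals the failure only through grub_error(), so the fix depends on every caller checking the error state before it goes on to inflate the block; the callers are outside this hunk and should be confirmed. If one does not check, decoding would continue with the block tables unset, leaving the guards added in inflate_codes_in_window as the only backstop. A one-line comment on the return, e.g. `/* caller must check grub_errno; block state is not usable */`, would make that contract explicit. The function body starts and ends outside the hunk.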