A menu entry with an empty title leads to an out-of-bounds access at ch = src[len - 1] (i.e., `src` is empty and `len` is zero). So, fixing this by checking the menu entry title length and throwing an error if the length is zero.
Signed-off-by: Sridhar Markonda <[email protected]> Signed-off-by: Sudhakar Kuppusamy <[email protected]> --- grub-core/commands/menuentry.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c index 09749c415..e64bfeec7 100644 --- a/grub-core/commands/menuentry.c +++ b/grub-core/commands/menuentry.c @@ -266,6 +266,9 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) if (! argc) return grub_error (GRUB_ERR_BAD_ARGUMENT, "missing arguments"); + if (! grub_strlen (args[argc - 1])) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "menuentry is missing title"); + if (ctxt->state[3].set && ctxt->script) return grub_error (GRUB_ERR_BAD_ARGUMENT, "multiple menuentry definitions"); -- 2.50.1 (Apple Git-155) _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
