> On 10 Nov 2025, at 8:27 PM, Avnish Chouhan <[email protected]> wrote: > > Adding a failure check in grub_strdup(). If grub_strdup fails > (e.g., due to memory allocation failure), it returns NULL. > Then, passing assign (which would be NULL) to grub_strchr() > will result in a null pointer dereference, which can > cause undefined behavior. > > Signed-off-by: Avnish Chouhan <[email protected]>
Reviewed-by: Sudhakar Kuppusamy <[email protected]> Thanks, Sudhakar > --- > grub-core/script/execute.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c > index da99dfa..62afcdc 100644 > --- a/grub-core/script/execute.c > +++ b/grub-core/script/execute.c > @@ -1015,6 +1015,9 @@ grub_script_execute_cmdline (struct grub_script_cmd > *cmd) > { > /* As a last resort, try if it is an assignment. */ > char *assign = grub_strdup (cmdname); > + if (assign == NULL) > + return grub_errno; > + > char *eq = grub_strchr (assign, '='); > > if (eq) > -- > 2.47.1 > > > _______________________________________________ > Grub-devel mailing list > [email protected] > https://lists.gnu.org/mailman/listinfo/grub-devel _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
