On Wed, Nov 5, 2014 at 3:53 PM, Leif Lindholm <[email protected]> wrote: > The EFI version of grub_machine_get_bootlocation crops the boot image > name back to the last / in order to get a directory path. However, it > does not check that *name is actually set before calling grub_strrchr > to do this, and neither does grub_strrchr before dereferencing a NULL > pointer. >
I wonder - do you actually have firmware that returns empty path? > Parent function, grub_set_prefix_and_root, does check the pointer > before using. > > Signed-off-by: Leif Lindholm <[email protected]> > --- > grub-core/kern/efi/init.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c > index 942ab02..e9c85de 100644 > --- a/grub-core/kern/efi/init.c > +++ b/grub-core/kern/efi/init.c > @@ -63,10 +63,13 @@ grub_machine_get_bootlocation (char **device, char > **path) > if (!*device && grub_efi_net_config) > grub_efi_net_config (image->device_handle, device, path); > > - /* Get the directory. */ > - p = grub_strrchr (*path, '/'); > - if (p) > - *p = '\0'; > + if (*path) > + { > + /* Get the directory. */ > + p = grub_strrchr (*path, '/'); > + if (p) > + *p = '\0'; > + } > } > > void > -- > 1.7.10.4 > > _______________________________________________ > Grub-devel mailing list > [email protected] > https://lists.gnu.org/mailman/listinfo/grub-devel _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
