On Mon, Jun 23, 2025 at 12:33 PM Frediano Ziglio via Grub-devel <grub-devel@gnu.org> wrote: > > If a simple string for arguments are passed it should be NUL > terminated. This is true for other code but not for "linux" > command. > > Signed-off-by: Frediano Ziglio <frediano.zig...@cloud.com> > --- > grub-core/loader/efi/linux.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c > index 78ea07ca8..afda6ef8f 100644 > --- a/grub-core/loader/efi/linux.c > +++ b/grub-core/loader/efi/linux.c > @@ -190,7 +190,7 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, > grub_size_t size, char *args) > grub_efi_boot_services_t *b; > grub_efi_status_t status; > grub_efi_loaded_image_t *loaded_image; > - int len; > + grub_size_t len; > > mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t)); > if (!mempath) > @@ -230,9 +230,10 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, > grub_size_t size, char *args) > if (!loaded_image->load_options) > return grub_errno; > > - loaded_image->load_options_size = > - 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, > - (grub_uint8_t *) args, len, NULL); > + len = grub_utf8_to_utf16 (loaded_image->load_options, len, > + (grub_uint8_t *) args, (grub_size_t) -1, NULL); > + ((grub_efi_char16_t*)loaded_image->load_options)[len++] = 0; /* NUL > terminate */ > + loaded_image->load_options_size = len * sizeof (grub_efi_char16_t); >
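Review bot: in the first hunk, changing `len` from `int` to `grub_size_t` means a `len < 0` test can no longer catch a failed conversion result once the second hunk stores the return value of grub_utf8_to_utf16 into it; if that function signals failure with -1, the value becomes a very large unsigned index, so any error check paired with this change must compare against `(grub_size_t) -1` rather than against a negative number.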
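Review bot: in the second hunk the result of grub_utf8_to_utf16 is used unchecked as the index for the terminator store, `((grub_efi_char16_t*)loaded_image->load_options)[len++] = 0;`, so a failure return would be written through as an out-of-range index; test the result before indexing. Separately, the call is given `len` as the destination capacity and the terminator is then stored at index `len` (the returned count), which lands one element past the buffer whenever the converted string fills it exactly; either pass `len - 1` as destsize or make sure the allocation reserves one extra grub_efi_char16_t for the NUL.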
According to the description, grub_utf8_to_utf16 may return -1, which would be a problem here since it is then used as an array index.

The assignment of loaded_image->load_options_size just above (out of the patch context) seems unnecessary now.

Ross