The size passed to grub_utf8_to_utf16 for the source string is
used as a limit for the string if a NUL character is not encountered;
however, len, which is strlen(src)*2+2, is surely greater than
strlen(src).
Pass (grub_size_t) -1 to consider only the NUL terminator.

Signed-off-by: Frediano Ziglio <frediano.zig...@cloud.com>
---
 grub-core/loader/efi/linux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index ba268eccb..5befce4d7 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -231,7 +231,7 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, 
grub_size_t size, char *args)
 
   loaded_image->load_options_size =
     2 * grub_utf8_to_utf16 (loaded_image->load_options, len,
-                           (grub_uint8_t *) args, len, NULL);
+                           (grub_uint8_t *) args, (grub_size_t) -1, NULL);
 
   grub_dprintf ("linux", "starting image %p\n", image_handle);
   status = b->start_image (image_handle, 0, NULL);
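
Review bot: on the changed argument line, `(grub_size_t) -1` removes any source bound, so the conversion now depends entirely on `args` being NUL-terminated, and nothing in this hunk shows that guarantee. The commit message gives len as strlen(src)*2+2, so the string length is evidently already known at this point; passing that length as the source size, or adding a one-line comment stating that `args` is always NUL-terminated here, would keep the bound explicit for the next reader. Separately, the destination size argument on the unchanged line above is still `len`, which the commit message describes as a byte-sized quantity; it is worth confirming in the commit message whether that parameter is counted in bytes or in 16-bit units, since `load_options_size` is derived from the return value multiplied by 2.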
-- 
2.49.0

