The size passed to grub_utf8_to_utf16 for the source string is used as a limit for the string if a NUL character is not encountered; however len, which is strlen(src)*2+2, is surely greater than strlen(src). Pass the exact correct length.
Signed-off-by: Frediano Ziglio <frediano.zig...@cloud.com>
---
Changes since v3:
- pass exact size, not -1.
---
 grub-core/loader/efi/linux.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index ba268eccb..38d5243fe 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -191,6 +191,7 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
   grub_efi_status_t status;
   grub_efi_loaded_image_t *loaded_image;
   int len;
+  grub_size_t args_len;
 
   mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t));
   if (!mempath)
@@ -223,7 +224,8 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
       grub_error (GRUB_ERR_BAD_FIRMWARE, "missing loaded_image proto");
       goto unload;
     }
-  len = (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t);
+  args_len = grub_strlen (args);
+  len = (args_len + 1) * sizeof (grub_efi_char16_t);
   loaded_image->load_options =
     grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (len));
   if (!loaded_image->load_options)
@@ -231,7 +233,7 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
 
   loaded_image->load_options_size = 2 *
     grub_utf8_to_utf16 (loaded_image->load_options, len,
-			(grub_uint8_t *) args, len, NULL);
+			(grub_uint8_t *) args, args_len, NULL);
 
   grub_dprintf ("linux", "starting image %p\n", image_handle);
   status = b->start_image (image_handle, 0, NULL);
-- 
2.49.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
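Review bot: The destination-size argument of the `grub_utf8_to_utf16` call in the third hunk is still `len`, a byte count, while the `2 *` applied to the call's return value indicates the routine counts 16-bit units; if `destsize` uses the same units, the stated capacity is twice the real one. This cannot overflow the `(args_len + 1) * sizeof (grub_efi_char16_t)` bytes allocated, because UTF-8 to UTF-16 conversion never yields more code units than input bytes, but it is the same units mismatch the commit corrects on the source side, and a later change to the allocation would turn it into a real overrun. Passing the capacity in code units, `grub_utf8_to_utf16 (loaded_image->load_options, args_len + 1,`, keeps both size arguments consistent with the allocation. Note also that `len` stays `int` while `args_len` is `grub_size_t`, so the product in the second hunk narrows silently; declaring `len` as `grub_size_t` would avoid that if nothing else relies on it being signed. grub_arch_efi_linux_boot_image begins before the first hunk and continues past the last.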