1*4882a593SmuzhiyunFrom 0a05f88e2bb33ed2a0cfd93f481f471efb7791aa Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Daniel Axtens <dja@axtens.net> 3*4882a593SmuzhiyunDate: Fri, 22 Jan 2021 16:18:26 +1100 4*4882a593SmuzhiyunSubject: [PATCH] script/execute: Don't crash on a "for" loop with no items 5*4882a593Smuzhiyun 6*4882a593SmuzhiyunThe following crashes the parser: 7*4882a593Smuzhiyun 8*4882a593Smuzhiyun for x in; do 9*4882a593Smuzhiyun 0 10*4882a593Smuzhiyun done 11*4882a593Smuzhiyun 12*4882a593SmuzhiyunThis is because grub_script_arglist_to_argv() doesn't consider the 13*4882a593Smuzhiyunpossibility that arglist is NULL. Catch that explicitly. 14*4882a593Smuzhiyun 15*4882a593SmuzhiyunThis avoids a NULL pointer dereference. 16*4882a593Smuzhiyun 17*4882a593SmuzhiyunSigned-off-by: Daniel Axtens <dja@axtens.net> 18*4882a593SmuzhiyunReviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 19*4882a593SmuzhiyunSigned-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> 20*4882a593Smuzhiyun--- 21*4882a593Smuzhiyun grub-core/script/execute.c | 3 +++ 22*4882a593Smuzhiyun 1 file changed, 3 insertions(+) 23*4882a593Smuzhiyun 24*4882a593Smuzhiyundiff --git a/grub-core/script/execute.c b/grub-core/script/execute.c 25*4882a593Smuzhiyunindex 23d34bd..31dac25 100644 26*4882a593Smuzhiyun--- a/grub-core/script/execute.c 27*4882a593Smuzhiyun+++ b/grub-core/script/execute.c 28*4882a593Smuzhiyun@@ -624,6 +624,9 @@ grub_script_arglist_to_argv (struct grub_script_arglist *arglist, 29*4882a593Smuzhiyun struct grub_script_arg *arg = 0; 30*4882a593Smuzhiyun struct grub_script_argv result = { 0, 0, 0 }; 31*4882a593Smuzhiyun 32*4882a593Smuzhiyun+ if (arglist == NULL) 33*4882a593Smuzhiyun+ return 1; 34*4882a593Smuzhiyun+ 35*4882a593Smuzhiyun for (; arglist && arglist->arg; arglist = arglist->next) 36*4882a593Smuzhiyun { 37*4882a593Smuzhiyun if (grub_script_argv_next (&result)) 38*4882a593Smuzhiyun-- 39*4882a593Smuzhiyun2.14.2 40*4882a593Smuzhiyun 41