1*4882a593SmuzhiyunFrom 42facd577231cf5ffe4c7128fed15b7e7d99cbca Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Thomas Frauendorfer | Miray Software <tf@miray.de> 3*4882a593SmuzhiyunDate: Tue, 4 Aug 2020 13:49:51 +0200 4*4882a593SmuzhiyunSubject: [PATCH] gfxmenu/gui: Check printf() format in the gui_progress_bar 5*4882a593Smuzhiyun and gui_label 6*4882a593Smuzhiyun 7*4882a593SmuzhiyunThe gui_progress_bar and gui_label components can display the timeout 8*4882a593Smuzhiyunvalue. The format string can be set through a theme file. This patch 9*4882a593Smuzhiyunadds a validation step to the format string. 10*4882a593Smuzhiyun 11*4882a593SmuzhiyunIf a user loads a theme file into the GRUB without this patch then 12*4882a593Smuzhiyuna GUI label with the following settings 13*4882a593Smuzhiyun 14*4882a593Smuzhiyun + label { 15*4882a593Smuzhiyun ... 16*4882a593Smuzhiyun id = "__timeout__" 17*4882a593Smuzhiyun text = "%s" 18*4882a593Smuzhiyun } 19*4882a593Smuzhiyun 20*4882a593Smuzhiyunwill interpret the current timeout value as string pointer and print the 21*4882a593Smuzhiyunmemory at that position on the screen. It is not desired behavior. 22*4882a593Smuzhiyun 23*4882a593SmuzhiyunSigned-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de> 24*4882a593SmuzhiyunReviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 25*4882a593SmuzhiyunSigned-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> 26*4882a593Smuzhiyun--- 27*4882a593Smuzhiyun grub-core/gfxmenu/gui_label.c | 4 ++++ 28*4882a593Smuzhiyun grub-core/gfxmenu/gui_progress_bar.c | 3 +++ 29*4882a593Smuzhiyun 2 files changed, 7 insertions(+) 30*4882a593Smuzhiyun 31*4882a593Smuzhiyundiff --git a/grub-core/gfxmenu/gui_label.c b/grub-core/gfxmenu/gui_label.c 32*4882a593Smuzhiyunindex a4c8178..1c19054 100644 33*4882a593Smuzhiyun--- a/grub-core/gfxmenu/gui_label.c 34*4882a593Smuzhiyun+++ b/grub-core/gfxmenu/gui_label.c 35*4882a593Smuzhiyun@@ -193,6 +193,10 @@ label_set_property (void *vself, const char *name, const char *value) 36*4882a593Smuzhiyun else if (grub_strcmp (value, "@KEYMAP_SHORT@") == 0) 37*4882a593Smuzhiyun value = _("enter: boot, `e': options, `c': cmd-line"); 38*4882a593Smuzhiyun /* FIXME: Add more templates here if needed. */ 39*4882a593Smuzhiyun+ 40*4882a593Smuzhiyun+ if (grub_printf_fmt_check(value, "%d") != GRUB_ERR_NONE) 41*4882a593Smuzhiyun+ value = ""; /* Unsupported format. */ 42*4882a593Smuzhiyun+ 43*4882a593Smuzhiyun self->template = grub_strdup (value); 44*4882a593Smuzhiyun self->text = grub_xasprintf (value, self->value); 45*4882a593Smuzhiyun } 46*4882a593Smuzhiyundiff --git a/grub-core/gfxmenu/gui_progress_bar.c b/grub-core/gfxmenu/gui_progress_bar.c 47*4882a593Smuzhiyunindex b128f08..ace85a1 100644 48*4882a593Smuzhiyun--- a/grub-core/gfxmenu/gui_progress_bar.c 49*4882a593Smuzhiyun+++ b/grub-core/gfxmenu/gui_progress_bar.c 50*4882a593Smuzhiyun@@ -348,6 +348,9 @@ progress_bar_set_property (void *vself, const char *name, const char *value) 51*4882a593Smuzhiyun Please use the shortest form available in you language. */ 52*4882a593Smuzhiyun value = _("%ds"); 53*4882a593Smuzhiyun 54*4882a593Smuzhiyun+ if (grub_printf_fmt_check(value, "%d") != GRUB_ERR_NONE) 55*4882a593Smuzhiyun+ value = ""; /* Unsupported format. */ 56*4882a593Smuzhiyun+ 57*4882a593Smuzhiyun self->template = grub_strdup (value); 58*4882a593Smuzhiyun } 59*4882a593Smuzhiyun else if (grub_strcmp (name, "font") == 0) 60*4882a593Smuzhiyun-- 61*4882a593Smuzhiyun2.14.2 62*4882a593Smuzhiyun 63