diff options
author | Glenn Washburn <development@efficientek.com> | 2022-01-12 20:55:00 -0600 |
---|---|---|
committer | Daniel Kiper <daniel.kiper@oracle.com> | 2022-02-08 13:39:01 +0100 |
commit | ddf47bdb042ab0ea52bc713b5f80cc48543f0469 (patch) | |
tree | 3414f29d8d9a79ad474b33ae0b8609e86820adfc | |
parent | fcf2594ca12777ffd717819663e1c4b3d737c928 (diff) | |
download | grub-ddf47bdb042ab0ea52bc713b5f80cc48543f0469.tar.gz |
util/resolve: Do not read past the end of the array in read_dep_list()
If the last non-NULL byte of "buf" is not a white-space character (such as
when a read line is longer than the size of "buf"), then "p" will eventually
point to the byte after the last byte in "buf". After which "p" will be
dereferenced in the while conditional leading to an out of bounds read. Make
sure that "p" is inside "buf" before dereferencing it.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-rw-r--r-- | util/resolve.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/util/resolve.c b/util/resolve.c index 3e887d2ff..5e9afa10c 100644 --- a/util/resolve.c +++ b/util/resolve.c @@ -102,7 +102,7 @@ read_dep_list (FILE *fp) dep_list = dep; /* Add dependencies. */ - while (*p) + while (p < (buf + sizeof (buf)) && *p) { struct mod_list *mod; char *name; |