iam.tj Git - grub.git/commit

author	Peter Jones <pjones@redhat.com>
	Wed, 17 Sep 2014 20:30:11 +0000 (16:30 -0400)
committer	Andrei Borzenkov <arvidjaar@gmail.com>
	Sun, 21 Sep 2014 06:36:42 +0000 (10:36 +0400)
commit	631a82003851ca68bfaf87e12be5c94e14cd2a91
tree	e40a77c7e28e04c1a7311d3fd91d00df3b4331d8	tree \| snapshot
parent	60049a0e7204c267fc867ce8de31421613af0b69	commit \| diff

Initialized initrd_ctx so we don't free a random pointer from the stack.

Currently, if "linux" fails, the "goto fail;" in grub_cmd_initrd sends us
into grub_initrd_close() without grub_initrd_init() being called, and thus
it never clears initrd_ctx->components. grub_initrd_close() then frees that
address, which is stale data from the stack. If the stack happens to have a
stale *address* there that matches a recent allocation, then you'll get a
double free later.

So initialize the memory up front.

Signed-off-by: Peter Jones <pjones@redhat.com>

ChangeLog		diff \| blob \| history
grub-core/loader/arm/linux.c		diff \| blob \| history
grub-core/loader/arm64/linux.c		diff \| blob \| history
grub-core/loader/i386/linux.c		diff \| blob \| history
grub-core/loader/i386/pc/linux.c		diff \| blob \| history
grub-core/loader/ia64/efi/linux.c		diff \| blob \| history
grub-core/loader/mips/linux.c		diff \| blob \| history
grub-core/loader/powerpc/ieee1275/linux.c		diff \| blob \| history
grub-core/loader/sparc64/ieee1275/linux.c		diff \| blob \| history