The EFI version of grub_machine_get_bootlocation crops the boot image
name back to the last / in order to get a directory path. However, it
does not check that *name is actually set before calling grub_strrchr
to do this, and neither does grub_strrchr before dereferencing a NULL
pointer.
Parent function, grub_set_prefix_and_root, does check the pointer
before using.
+2014-01-07 Leif Lindholm <leif.lindholm@linaro.org>
+
+ * grub-core/kern/efi/init.c: check value of *path before
+ dereferencing.
+
2014-11-03 Michael Chang <mchang@suse.com>
* grub-core/net/icmp6.c (grub_net_recv_icmp6_packet): Fix size
if (!*device && grub_efi_net_config)
grub_efi_net_config (image->device_handle, device, path);
- /* Get the directory. */
- p = grub_strrchr (*path, '/');
- if (p)
- *p = '\0';
+ if (*path)
+ {
+ /* Get the directory. */
+ p = grub_strrchr (*path, '/');
+ if (p)
+ *p = '\0';
+ }
}
void