51 lines
1.8 KiB
Diff
51 lines
1.8 KiB
Diff
From e57e599e6b11039ab6484e5622b3deae20bfd678 Mon Sep 17 00:00:00 2001
|
|
From: Hans de Goede <johannes.goede@oss.qualcomm.com>
|
|
Date: Mon, 12 Jan 2026 14:56:36 +0100
|
|
Subject: [PATCH] stub: Fix NULL pointer deref when there are no initrds
|
|
|
|
When n_all_initrds == 0, then all_initrds is unmodified from its initial
|
|
value of:
|
|
|
|
_cleanup_free_ struct iovec *all_initrds = NULL;
|
|
|
|
and in the else block of the "if (n_all_initrds > 1)" the NULL is
|
|
dereferenced:
|
|
|
|
final_initrd = all_initrds[0];
|
|
|
|
Leading to the stub crashing due to a NULL pointer deref.
|
|
|
|
Fix this by initializing final_initrd to all 0s and only
|
|
running the else block if (n_all_initrds == 1).
|
|
---
|
|
src/boot/stub.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/boot/stub.c b/src/boot/stub.c
|
|
index 06ecbc7d18..65950262c6 100644
|
|
--- a/src/boot/stub.c
|
|
+++ b/src/boot/stub.c
|
|
@@ -1302,9 +1302,9 @@ static EFI_STATUS run(EFI_HANDLE image) {
|
|
|
|
/* Combine the initrds into one */
|
|
_cleanup_pages_ Pages initrd_pages = {};
|
|
- struct iovec final_initrd;
|
|
+ struct iovec final_initrd = {};
|
|
if (n_all_initrds > 1) {
|
|
- /* There will always be a base initrd, if this counter is higher, we need to combine them */
|
|
+ /* If there is more then 1 initrd we need to combine them */
|
|
err = combine_initrds(all_initrds, n_all_initrds, &initrd_pages, &final_initrd.iov_len);
|
|
if (err != EFI_SUCCESS)
|
|
return err;
|
|
@@ -1313,7 +1313,7 @@ static EFI_STATUS run(EFI_HANDLE image) {
|
|
|
|
/* Given these might be large let's free them explicitly before we pass control to Linux */
|
|
initrds_free(&initrds);
|
|
- } else
|
|
+ } else if (n_all_initrds == 1)
|
|
final_initrd = all_initrds[0];
|
|
|
|
struct iovec kernel = IOVEC_MAKE(
|
|
--
|
|
2.52.0
|
|
|