bootspec: fix null-dereference-read

author Yu Watanabe <watanabe.yu+github@gmail.com>

Fri, 2 Dec 2022 05:30:22 +0000 (14:30 +0900)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Fri, 2 Dec 2022 13:23:45 +0000 (14:23 +0100)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Fri, 2 Dec 2022 05:30:22 +0000 (14:30 +0900)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 2 Dec 2022 13:23:45 +0000 (14:23 +0100)
diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c

index 56274a0d4d35ab200daf451cda411e46cb3051ed..83960b99d3fdd3c1f676bd8cb62d0ab9755b2887 100644 (file)
--- a/src/shared/bootspec.c
+++ b/src/shared/bootspec.c
@@ -980,6 +980,8 @@ static int boot_config_find(const BootConfig *config, const char *id) {
          if (id[0] == '@') {
                  if (!strcaseeq(id, "@saved"))
                          return -1;
+                if (!config->entry_selected)
+                        return -1;
                  id = config->entry_selected;
          }
  
diff --git a/test/fuzz/fuzz-bootspec/clusterfuzz-testcase-minimized-fuzz-bootspec-5731869371269120 b/test/fuzz/fuzz-bootspec/clusterfuzz-testcase-minimized-fuzz-bootspec-5731869371269120

new file mode 100644 (file)

index 0000000..8804abd
--- /dev/null
+++ b/test/fuzz/fuzz-bootspec/clusterfuzz-testcase-minimized-fuzz-bootspec-5731869371269120
@@ -0,0 +1 @@
+{"config":"default @saved","loader":[""]}
+\ No newline at end of file
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Fri, 2 Dec 2022 05:30:22 +0000 (14:30 +0900)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Fri, 2 Dec 2022 13:23:45 +0000 (14:23 +0100)
src/shared/bootspec.c		patch \| blob \| history
test/fuzz/fuzz-bootspec/clusterfuzz-testcase-minimized-fuzz-bootspec-5731869371269120	[new file with mode: 0644]	patch \| blob