From 0415dbe28f3dc3520b70745b3bd78073f094fb4d Mon Sep 17 00:00:00 2001 From: Andrei Borzenkov Date: Fri, 28 Nov 2014 20:45:27 +0300 Subject: [PATCH] grub-install-common: avoid out of bound access when read failed Check that modinfo.sh could be read successfully; abort on error. Avoids potential out-of-bound array access. CID: 73819 --- ChangeLog | 2 ++ util/grub-install-common.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 930ceb20c..e46b9995b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2014-11-28 Andrei Borzenkov + * util/grub-install-common.c (grub_install_get_target): Check return + value of grub_util_fd_read (Coverity CID 73819). * util/grub-mkstandalone.c (add_tar_file): Fix out of bound access to hd.magic (Coverity CID 73587, 73888, bug 43690). diff --git a/util/grub-install-common.c b/util/grub-install-common.c index c8bedcb2e..4b5d4d486 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -911,6 +911,8 @@ grub_install_get_target (const char *src) grub_util_error (_("%s doesn't exist. Please specify --target or --directory"), fn); r = grub_util_fd_read (f, buf, sizeof (buf) - 1); + if (r < 0) + grub_util_error (_("cannot read `%s': %s"), fn, strerror (errno)); grub_util_fd_close (f); buf[r] = '\0'; c = strstr (buf, "grub_modinfo_target_cpu=");