| Currently, if "linux" fails, the "goto fail;" in grub_cmd_initrd sends us into grub_initrd_close() without grub_initrd_init() being called, and thus it never clears initrd_ctx->components. grub_initrd_close() then frees that address, which is stale data from the stack. If the stack happens to have a stale *address* there that matches a recent allocation, then you'll get a double free later. So initialize the memory up front. Signed-off-by: Peter Jones <pjones@redhat.com> | ||
|---|---|---|
| chainloader.c | ||
| freedos.c | ||
| linux.c | ||
| ntldr.c | ||
| plan9.c | ||
| pxechainloader.c | ||
| truecrypt.c | ||