git.ipfire.org Git - thirdparty/grub.git/commit
commands/read: Fix an integer overflow when supplying more than 2^31 characters
author Jonathan Bar Or <jonathanbaror@gmail.com>
Thu, 23 Jan 2025 18:17:05 +0000 (19:17 +0100)
committer Daniel Kiper <daniel.kiper@oracle.com>
Thu, 13 Feb 2025 14:45:56 +0000 (15:45 +0100)
commit dad8f502974ed9ad0a70ae6820d17b4b142558fc
tree 370c0cfd41413509e03c6aeed4def04795c4f8db
parent b970a5ed967816bbca8225994cd0ee2557bad515
commands/read: Fix an integer overflow when supplying more than 2^31 characters

The grub_getline() function currently has a signed integer variable "i"
that can be overflowed when the user supplies more than 2^31 characters.
It results in a memory corruption of the allocated line buffer as well
as supplying large negative values to grub_realloc().

Fixes: CVE-2025-0690
Reported-by: Jonathan Bar Or <jonathanbaror@gmail.com>
Signed-off-by: Jonathan Bar Or <jonathanbaror@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-core/commands/read.c
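
The bug class the commit message describes, as an added example that is not GRUB's code or the patch itself: it shows why a negative 32-bit index is dangerous once it reaches an allocator taking an unsigned size, and a line reader that uses an unsigned index with checked growth. The names `as_alloc_size`, `grow_checked`, `read_line` and the value of `STEP` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define STEP 64  /* growth increment; hypothetical value */

/* What a wrapped (negative) 32-bit index becomes when it is passed
   to an allocator whose size parameter is an unsigned size_t. */
size_t as_alloc_size(int32_t n)
{
  return (size_t) n;
}

/* Checked growth: refuse instead of wrapping. Returns 0 on success. */
int grow_checked(size_t cap, size_t step, size_t *new_cap)
{
  if (step > SIZE_MAX - cap)
    return -1;
  *new_cap = cap + step;
  return 0;
}

/* Read one line from an in-memory source (constructed input) using an
   unsigned index, so the index cannot go negative and every capacity
   change is checked. Returns a NUL-terminated heap buffer or NULL. */
char *read_line(const char *src, size_t len, size_t *out_len)
{
  char *line = NULL, *tmp;
  size_t i = 0, cap = 0;

  for (size_t pos = 0; pos < len && src[pos] != '\n'; pos++)
    {
      if (i + 1 >= cap)  /* always keep room for the terminator */
        {
          if (grow_checked(cap, STEP, &cap) != 0
              || (tmp = realloc(line, cap)) == NULL)
            {
              free(line);
              return NULL;
            }
          line = tmp;
        }
      line[i++] = src[pos];
    }
  if (line == NULL && (line = malloc(1)) == NULL)
    return NULL;
  line[i] = '\0';
  *out_len = i;
  return line;
}
```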