stub: Fix NULL pointer deref when there are no initrds

When n_all_initrds == 0, then all_initrds is unmodified from its initial
value of:

	_cleanup_free_ struct iovec *all_initrds = NULL;

and in the else block of the "if (n_all_initrds > 1)" the NULL is
dereferenced:

		final_initrd = all_initrds[0];

Leading to the stub crashing due to a NULL pointer deref.

Fix this by initializing final_initrd to all 0s and only
running the else block if (n_all_initrds == 1).

diff --git a/src/boot/stub.c b/src/boot/stub.c
index 06ecbc7d18fb426957b92cfd0758bfe2d6a96b5c..65950262c69d5beaf7d0a29245a625e9dfbb2486 100644 (file)
--- a/src/boot/stub.c
+++ b/src/boot/stub.c
@@ -1302,9 +1302,9 @@ static EFI_STATUS run(EFI_HANDLE image) {
 
         /* Combine the initrds into one */
         _cleanup_pages_ Pages initrd_pages = {};
-        struct iovec final_initrd;
+        struct iovec final_initrd = {};
         if (n_all_initrds > 1) {
-                /* There will always be a base initrd, if this counter is higher, we need to combine them */
+                /* If there is more then 1 initrd we need to combine them */
                 err = combine_initrds(all_initrds, n_all_initrds, &initrd_pages, &final_initrd.iov_len);
                 if (err != EFI_SUCCESS)
                         return err;
@@ -1313,7 +1313,7 @@ static EFI_STATUS run(EFI_HANDLE image) {
 
                 /* Given these might be large let's free them explicitly before we pass control to Linux */
                 initrds_free(&initrds);
-        } else
+        } else if (n_all_initrds == 1)
                 final_initrd = all_initrds[0];
 
         struct iovec kernel = IOVEC_MAKE(