From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Date: Thu, 9 Oct 2025 09:19:39 +0000 (+0530)
Subject: commands/menuentry: Fix for out of bound access
X-Git-Tag: grub-2.14-rc1~59
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6b5c671d35b1b84468da1fef2b9bd8e05682f7e6;p=thirdparty%2Fgrub.git

commands/menuentry: Fix for out of bound access

A menu entry with an empty title leads to an out-of-bounds access at
"ch = src[len - 1]", i.e., "src" is empty and "len" is zero. So, fixing
this by checking the menu entry title length and throwing an error if
the length is zero.

Signed-off-by: Sridhar Markonda <sridharm@linux.ibm.com>
Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
index 09749c415..5e1318f17 100644
--- a/grub-core/commands/menuentry.c
+++ b/grub-core/commands/menuentry.c
@@ -266,6 +266,9 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
   if (! argc)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "missing arguments");
 
+  if (! grub_strlen (args[argc - 1]))
+    return grub_error (GRUB_ERR_BAD_ARGUMENT, "menuentry title is missing");
+
   if (ctxt->state[3].set && ctxt->script)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "multiple menuentry definitions");