script/execute: Fix potential underflow and NULL dereference
author Lidong Chen <lidong.chen@oracle.com>
Wed, 29 Jan 2025 06:48:37 +0000 (06:48 +0000)
committer Felix Zielcke <fzielcke@z-51.de>
Wed, 11 Jun 2025 15:42:34 +0000 (17:42 +0200)
The result is initialized to 0 in grub_script_arglist_to_argv().
If the for loop condition is not met both result.args and result.argc
remain 0 causing result.argc - 1 to underflow and/or result.args NULL
dereference. Fix the issues by adding relevant checks.

Fixes: CID 473880
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name script-execute-Fix-potential-underflow-and-NULL-dereferen.patch

grub-core/script/execute.c

index e1450f45d72614d3bc134f1988c6f851fd7f21fb..a86e0051f2c5e79b3de445b7cd30a7beef3fee1c 100644 (file)
@@ -760,6 +760,9 @@ cleanup:
        }
     }
 
+  if (result.args == NULL || result.argc == 0)
+    goto fail;
+
   if (! result.args[result.argc - 1])
     result.argc--;
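
Review bot: The added guard above `result.args[result.argc - 1]` routes the empty case to `goto fail`, but the `fail` label is outside this hunk, so it cannot be seen here whether that path is safe when `result.args == NULL` and `result.argc == 0`. Please confirm the cleanup under `fail` neither indexes `result.args` nor computes `result.argc - 1` itself, and that it releases `result.args` in the case where the pointer is non-NULL but `result.argc == 0`. A one-line comment above the check saying that an argument list which yields no entries is treated as an error would also help, since the reason is only stated in the commit message.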