| From 42facd577231cf5ffe4c7128fed15b7e7d99cbca Mon Sep 17 00:00:00 2001 |
| From: Thomas Frauendorfer | Miray Software <tf@miray.de> |
| Date: Tue, 4 Aug 2020 13:49:51 +0200 |
| Subject: [PATCH] gfxmenu/gui: Check printf() format in the gui_progress_bar |
| and gui_label |
| |
| The gui_progress_bar and gui_label components can display the timeout |
| value. The format string can be set through a theme file. This patch |
| adds a validation step to the format string. |
| |
| If a user loads a theme file into the GRUB without this patch then |
| a GUI label with the following settings |
| |
| + label { |
| ... |
| id = "__timeout__" |
| text = "%s" |
| } |
| |
| will interpret the current timeout value as string pointer and print the |
| memory at that position on the screen. It is not desired behavior. |
| |
| Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de> |
| Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
| Signed-off-by: Stefan SΓΈrensen <stefan.sorensen@spectralink.com> |
| --- |
| grub-core/gfxmenu/gui_label.c | 4 ++++ |
| grub-core/gfxmenu/gui_progress_bar.c | 3 +++ |
| 2 files changed, 7 insertions(+) |
| |
| diff --git a/grub-core/gfxmenu/gui_label.c b/grub-core/gfxmenu/gui_label.c |
| index a4c8178..1c19054 100644 |
| --- a/grub-core/gfxmenu/gui_label.c |
| +++ b/grub-core/gfxmenu/gui_label.c |
| @@ -193,6 +193,10 @@ label_set_property (void *vself, const char *name, const char *value) |
| else if (grub_strcmp (value, "@KEYMAP_SHORT@") == 0) |
| value = _("enter: boot, `e': options, `c': cmd-line"); |
| /* FIXME: Add more templates here if needed. */ |
| + |
| + if (grub_printf_fmt_check(value, "%d") != GRUB_ERR_NONE) |
| + value = ""; /* Unsupported format. */ |
| + |
| self->template = grub_strdup (value); |
| self->text = grub_xasprintf (value, self->value); |
| } |
| diff --git a/grub-core/gfxmenu/gui_progress_bar.c b/grub-core/gfxmenu/gui_progress_bar.c |
| index b128f08..ace85a1 100644 |
| --- a/grub-core/gfxmenu/gui_progress_bar.c |
| +++ b/grub-core/gfxmenu/gui_progress_bar.c |
| @@ -348,6 +348,9 @@ progress_bar_set_property (void *vself, const char *name, const char *value) |
| Please use the shortest form available in you language. */ |
| value = _("%ds"); |
| |
| + if (grub_printf_fmt_check(value, "%d") != GRUB_ERR_NONE) |
| + value = ""; /* Unsupported format. */ |
| + |
| self->template = grub_strdup (value); |
| } |
| else if (grub_strcmp (name, "font") == 0) |
| -- |
| 2.14.2 |
| |