oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

[SECURITY PATCH 1/8] commands/test: Fix error in recursion depth calculation

From: Daniel Kiper <daniel.kiper () oracle com>
Date: Tue, 18 Nov 2025 19:00:14 +0100
From: Thomas Frauendorfer | Miray Software <tf () miray de>

The commit c68b7d236 (commands/test: Stack overflow due to unlimited
recursion depth) added recursion depth tests to the test command. But in
the error case it decrements the pointer to the depth value instead of
the value itself. Fix it.

Fixes: c68b7d236 (commands/test: Stack overflow due to unlimited recursion depth)

Signed-off-by: Thomas Frauendorfer | Miray Software <tf () miray de>
Reviewed-by: Daniel Kiper <daniel.kiper () oracle com>
---
 grub-core/commands/test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-core/commands/test.c b/grub-core/commands/test.c
index b585c3d70..ee47ab264 100644
--- a/grub-core/commands/test.c
+++ b/grub-core/commands/test.c
@@ -403,7 +403,7 @@ test_parse (char **args, int *argn, int argc, int *depth)
          if (++(*depth) > MAX_TEST_RECURSION_DEPTH)
            {
              grub_error (GRUB_ERR_OUT_OF_RANGE, N_("max recursion depth exceeded"));
-             depth--;
+             (*depth)--;
              return ctx.or || ctx.and;
            }
 
-- 
2.11.0
Previous By Date Next
Previous By Thread Next

Current thread: