grub2/0025-kern-parser-Fix-a-memory-leak.patch

From b6e9ddb100e90665d090d7f92cdc69f03f0a6498 Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Wed, 18 Nov 2020 00:59:24 +0000
Subject: [PATCH 25/46] kern/parser: Fix a memory leak

The getline() function supplied to grub_parser_split_cmdline() returns
a newly allocated buffer and can be called multiple times, but the
returned buffer is never freed.

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/kern/parser.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
index d1cf061ad..39e4df65b 100644
--- a/grub-core/kern/parser.c
+++ b/grub-core/kern/parser.c
@@ -140,6 +140,7 @@ grub_parser_split_cmdline (const char *cmdline,
   char buffer[1024];
   char *bp = buffer;
   char *rd = (char *) cmdline;
+  char *rp = rd;
   char varname[200];
   char *vp = varname;
   char *args;
@@ -149,10 +150,18 @@ grub_parser_split_cmdline (const char *cmdline,
   *argv = NULL;
   do
     {
-      if (!rd || !*rd)
+      if (rp == NULL || *rp == '\0')
 	{
+	  if (rd != cmdline)
+	    {
+	      grub_free (rd);
+	      rd = rp = NULL;
+	    }
 	  if (getline)
-	    getline (&rd, 1, getline_data);
+	    {
+	      getline (&rd, 1, getline_data);
+	      rp = rd;
+	    }
 	  else
 	    break;
 	}
@@ -160,12 +169,12 @@ grub_parser_split_cmdline (const char *cmdline,
       if (!rd)
 	break;
 
-      for (; *rd; rd++)
+      for (; *rp != '\0'; rp++)
 	{
 	  grub_parser_state_t newstate;
 	  char use;
 
-	  newstate = grub_parser_cmdline_state (state, *rd, &use);
+	  newstate = grub_parser_cmdline_state (state, *rp, &use);
 
 	  /* If a variable was being processed and this character does
 	     not describe the variable anymore, write the variable to
@@ -198,6 +207,9 @@ grub_parser_split_cmdline (const char *cmdline,
     }
   while (state != GRUB_PARSER_STATE_TEXT && !check_varstate (state));
 
+  if (rd != cmdline)
+    grub_free (rd);
+
   /* A special case for when the last character was part of a
      variable.  */
   add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT);
-- 
2.26.2