[PATCH] x86: zimage: fix NULL pointer dereference in build_command_line
Anton Moryakov
ant.v.moryakov at gmail.com
Thu May 21 21:14:01 CEST 2026
Static analysis reported a redundant NULL check at line 68, but the
real issue is that env_command_line (from env_get("bootargs")) can
be NULL and is dereferenced unconditionally by strstr() at line 56.
If the "bootargs" environment variable is not set, env_get() returns
NULL, causing strstr(NULL, ...) to dereference a null pointer and crash.
Fix: add NULL check before strstr() call:
if (env_command_line && !strstr(env_command_line, "console="))
The existing check at line 68 remains necessary to guard the strcat()
call and is no longer redundant.
Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
---
arch/x86/lib/zimage.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/lib/zimage.c b/arch/x86/lib/zimage.c
index a5f2231aa52..dbec5887b77 100644
--- a/arch/x86/lib/zimage.c
+++ b/arch/x86/lib/zimage.c
@@ -64,7 +64,7 @@ static void build_command_line(char *command_line, int auto_boot)
env_command_line = env_get("bootargs");
/* set console= argument if we use a serial console */
- if (!strstr(env_command_line, "console=")) {
+ if (env_command_line && !strstr(env_command_line, "console=")) {
if (!strcmp(env_get("stdout"), "serial")) {
/* We seem to use serial console */
--
2.39.2
More information about the U-Boot
mailing list