[PATCH] x86: zimage: fix NULL pointer dereference in build_command_line

Simon Glass sjg at chromium.org
Mon May 25 17:06:39 CEST 2026


Hi Anton,

On 2026-05-21T19:14:01, Anton Moryakov <ant.v.moryakov at gmail.com> wrote:
> x86: zimage: fix NULL pointer dereference in build_command_line
>
> Static analysis reported a redundant NULL check at line 68, but the
> real issue is that env_command_line (from env_get('bootargs')) can
> be NULL and is dereferenced unconditionally by strstr() at line 56.
>
> If the 'bootargs' environment variable is not set, env_get() returns
> NULL, causing strstr(NULL, ...) to dereference a null pointer and crash.
>
> Fix: add NULL check before strstr() call:
>   if (env_command_line && !strstr(env_command_line, 'console='))
>
> The existing check at line 68 remains necessary to guard the strcat()
> call and is no longer redundant.
>
> Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
> ---
> arch/x86/lib/zimage.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

> diff --git a/arch/x86/lib/zimage.c b/arch/x86/lib/zimage.c
> @@ -64,7 +64,7 @@ static void build_command_line(char *command_line, int auto_boot)
>       env_command_line =  env_get('bootargs');
>
>       /* set console= argument if we use a serial console */
> -     if (!strstr(env_command_line, 'console=')) {
> +     if (env_command_line && !strstr(env_command_line, 'console=')) {
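
Review bot: with the new test `env_command_line && !strstr(...)`, a NULL env_command_line makes the whole condition false, so when bootargs is unset the block under the "set console= argument if we use a serial console" comment is now skipped entirely. If an unset bootargs should be handled like one that has no console= entry, write the check as `!env_command_line || !strstr(env_command_line, ...)`, which still keeps strstr() away from the NULL pointer. It would also help for the commit message to say which of the two behaviours is intended for the unset case.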

Please drop the line numbers from the commit message - they shift and
don't seem to match the tree today. Just describe the bug:
env_get('bootargs') can return NULL and strstr() dereferences it
unconditionally.

Subject should use parentheses: build_command_line()

Reviewed-by: Simon Glass <sjg at chromium.org>

Regards,
Simon

