quoted

 diff --git a/common/hush.c b/common/hush.c
 index d3f7bf3..d8fd64b 100644
 --- a/common/hush.c
 +++ b/common/hush.c
 @@ -1655,6 +1655,9 @@ char *shell_expand(char *str)
          o_string o = {};
          char *res, *parsed;

 + if (strlen(str) == 0)
 + return xstrdup("");
 +

Can you explain why this is necessary? What happens with an empty string
without this patch?

/*
 * shell_expand - Expand shell variables in a string.
 * @str:        The input string containing shell variables like
 *              $var or ${var}
 * Return:      The expanded string. Must be freed with free().
 */

If shell_expand should be called _only_ with string containing _at least one_ $var or ${var} then this patch is wrong.
And since shell_expand is called only from menutree.c then it's menutree.c's responsibility to verify the string.

Otherwise:
If you pass zero length string (i.e. shell_expand("")) you will end up with "Segmentation Fault"
because this line:

        parse_string(&o, &ctx, str);

will give you o.data = NULL
and then comes this line:

        parsed = xmemdup(o.data, o.length + 1);

PS. And if you will not fill 'title' file for menu with some data you will get "Segmentation Fault".

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox