It looks like grub_strdup() does not terminate the returned string with
a 0 byte. The only way I could see it working is if grub_malloc()
filled the returned memory with zeroes. Does it?
From kern/misc.c: (circa line 476)
char *
grub_strdup (const char *s)
{
  grub_size_t len;
  char *p;

  len = grub_strlen (s) + 1;
  p = (char *) grub_malloc (len);
  if (! p)
    return 0;

  return grub_memcpy (p, s, len);
}
But right after that, we have
char *
grub_strndup (const char *s, grub_size_t n)
{
  grub_size_t len;
  char *p;

  len = grub_strlen (s);
  if (len > n)
    len = n;
  p = (char *) grub_malloc (len + 1);
  if (! p)
    return 0;

  grub_memcpy (p, s, len);
  p[len] = '\0';
  return p;
}
which explicitly stores a terminating null byte. If grub_malloc() did
initialize the memory to zero, then this explicit store would be
unnecessary.
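
One way to check the question above without relying on what the allocator returns; this is an added example, not part of the original message or of GRUB's code. It assumes libc strlen/memcpy behave like grub_strlen/grub_memcpy, and poison_malloc, dup_like_strdup and dup_like_strndup are hypothetical names for this test.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for grub_malloc(): fills every byte with 0xAA so
   nothing can rely on the allocator returning zeroed memory. */
static void *poison_malloc(size_t n)
{
    void *p = malloc(n);
    if (p)
        memset(p, 0xAA, n);
    return p;
}

/* Same logic as the quoted grub_strdup(), with libc strlen/memcpy. */
static char *dup_like_strdup(const char *s)
{
    size_t len = strlen(s) + 1;      /* +1 counts the source's own NUL */
    char *p = poison_malloc(len);
    if (!p)
        return 0;
    return memcpy(p, s, len);        /* copies the NUL along with the text */
}

/* Same logic as the quoted grub_strndup(). */
static char *dup_like_strndup(const char *s, size_t n)
{
    size_t len = strlen(s);
    char *p;
    if (len > n)
        len = n;
    p = poison_malloc(len + 1);
    if (!p)
        return 0;
    memcpy(p, s, len);               /* may stop before the source's NUL */
    p[len] = '\0';                   /* so the terminator is stored by hand */
    return p;
}

int main(void)
{
    char *a = dup_like_strdup("grub");      /* constructed sample input */
    char *b = dup_like_strndup("grub", 2);
    int ok = a && b && a[4] == '\0' && b[2] == '\0';
    free(a);
    free(b);
    return ok ? 0 : 1;                      /* exit status 0: both terminated */
}
```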