From: Aaron Rainbolt <arraybolt3@gmail.com>

The cmd_line field of the start_info struct is not guaranteed to be
NUL-terminated, even though it is intended to contain a NUL-terminated
string. Add a warning about this in a comment so future consumers of
this field know to check it for a NUL terminator before using it.

Signed-off-by: Aaron Rainbolt <arraybolt3@gmail.com>
---
 include/xen/xen.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/xen/xen.h b/include/xen/xen.h
index fdf0fc4..16f3fd7 100644
--- a/include/xen/xen.h
+++ b/include/xen/xen.h
@@ -823,6 +823,11 @@ struct start_info {
                                 /* (PFN of pre-loaded module if           */
                                 /*  SIF_MOD_START_PFN set in flags).      */
     unsigned long mod_len;      /* Size (bytes) of pre-loaded module.     */
+    /* 
+     * cmd_line will contain a NUL-termianted string if it contains valid
+     * data, but it MAY be invalid and not contain a NUL byte at all. Code
+     * that accesses cmd_line MUST NOT assume it is NUL-terminated.
+     */
 #define GRUB_XEN_MAX_GUEST_CMDLINE 1024
     int8_t cmd_line[GRUB_XEN_MAX_GUEST_CMDLINE];
     /* The pfn range here covers both page table and p->m table frames.   */
-- 
2.50.1

On Wed, Aug 13, 2025 at 08:36:44PM -0500, arraybolt3@gmail.com wrote:
> From: Aaron Rainbolt <arraybolt3@gmail.com>
>
> The cmd_line field of the start_info struct is not guaranteed to be
> NUL-terminated, even though it is intended to contain a NUL-terminated
> string. Add a warning about this in a comment so future consumers of
> this field know to check it for a NUL terminator before using it.
>
> Signed-off-by: Aaron Rainbolt <arraybolt3@gmail.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel