]> git.dujemihanovic.xyz Git - u-boot.git/commit
cli: avoid buffer overrun
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tue, 2 May 2023 02:34:09 +0000 (04:34 +0200)
committerTom Rini <trini@konsulko.com>
Wed, 31 May 2023 21:23:01 +0000 (17:23 -0400)
commit7bae13da36477ce451ef5975e0cf79dbe035b52c
tree8d2cf90e7e8af689f178237f068fcee64f274f28
parent1310ad3aacf5cae97a2f3457ec9ef56f0d88bc09
cli: avoid buffer overrun

Invoking the sandbox with

    /u-boot -c ⧵0xef⧵0xbf⧵0xbd

results in a segmentation fault.

Function b_getch() retrieves a character from the input stream. This
character may be > 0x7f. If type char is signed, static_get() will
return a negative number and in parse_stream() we will use that
negative number as an index for array map[] resulting in a buffer
overflow.

Reported-by: Harry Lockyer <harry_lockyer@tutanota.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
common/cli_hush.c