Invoking the sandbox with
/u-boot -c ⧵0xef⧵0xbf⧵0xbd
results in a segmentation fault.
Function b_getch() retrieves a character from the input stream. This
character may be > 0x7f. If type char is signed, static_get() will
return a negative number and in parse_stream() we will use that
negative number as an index for array map[] resulting in a buffer
overflow.
Reported-by: Harry Lockyer <harry_lockyer@tutanota.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
/* I can almost use ordinary FILE *. Is open_memstream() universally
* available? Where is it documented? */
struct in_str {
- const char *p;
+ const unsigned char *p;
#ifndef __U_BOOT__
char peek_buf[2];
#endif