Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-17 10:24:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

cli: avoid buffer overrun

Browse source 
Invoking the sandbox with

    /u-boot -c ⧵0xef⧵0xbf⧵0xbd

results in a segmentation fault.

Function b_getch() retrieves a character from the input stream. This
character may be > 0x7f. If type char is signed, static_get() will
return a negative number and in parse_stream() we will use that
negative number as an index for array map[] resulting in a buffer
overflow.

Reported-by: Harry Lockyer <harry_lockyer@tutanota.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Heinrich Schuchardt 2023-05-02 04:34:09 +02:00 committed by Tom Rini
parent 1310ad3aac
commit 7bae13da36
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
common/cli_hush.c
View file

@ -324,7 +324,7 @@ typedef struct {
/* I can almost use ordinary FILE *. Is open_memstream() universally
* available? Where is it documented? */
struct in_str {
const char *p;
const unsigned char *p;
#ifndef __U_BOOT__
char peek_buf[2];
#endif