[U-Boot] [PATCH 4/6] hush: fix segfault on syntax error
Rabin Vincent
rabin at rab.in
Wed Oct 29 23:21:40 CET 2014
Hush segfaults if it sees a syntax error while attempting to parse a
command:
$ ./u-boot -c "'"
...
syntax error
Segmentation fault (core dumped)
This is due to a NULL pointer dereference of in_str->p in static_peek().
The problem is that the exit condition for the loop in
parse_stream_outer() checks for rcode not being -1, but rcode is only
ever 0 or 1.
Signed-off-by: Rabin Vincent <rabin at rab.in>
---
common/cli_hush.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/cli_hush.c b/common/cli_hush.c
index 9607e93..a07ae71 100644
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -3217,7 +3217,7 @@ static int parse_stream_outer(struct in_str *inp, int flag)
}
b_free(&temp);
/* loop on syntax errors, return on EOF */
- } while (rcode != -1 && !(flag & FLAG_EXIT_FROM_LOOP) &&
+ } while (rcode != 1 && !(flag & FLAG_EXIT_FROM_LOOP) &&
(inp->peek != static_peek || b_peek(inp)));
#ifndef __U_BOOT__
return 0;
--
2.1.1
More information about the U-Boot
mailing list