[PATCH] autoboot: fix illegal memory access when stop key and delay key are empty

Yuezhang.Mo at sony.com Yuezhang.Mo at sony.com
Fri Jan 15 04:11:49 CET 2021


If both stop key and delay key are empty, the length of these
keys is 0. The subtraction operation will cause the u_int type
variable to overflow, will cause illegal memory access in key
input loop.

This commit fixes this bug by using int type instead of u_init.
---
 common/autoboot.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/common/autoboot.c b/common/autoboot.c
index e628baffb8..61fb09f910 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -156,9 +156,9 @@ static int passwd_abort_key(uint64_t etime)
 	};
 
 	char presskey[MAX_DELAY_STOP_STR];
-	u_int presskey_len = 0;
-	u_int presskey_max = 0;
-	u_int i;
+	int presskey_len = 0;
+	int presskey_max = 0;
+	int i;
 
 #  ifdef CONFIG_AUTOBOOT_DELAY_STR
 	if (delaykey[0].str == NULL)
-- 
2.25.1


More information about the U-Boot mailing list