[PATCH 1/1] cli: avoid buffer overrun
Tom Rini
trini at konsulko.com
Thu Jun 1 17:24:47 CEST 2023
On Tue, May 02, 2023 at 04:34:09AM +0200, Heinrich Schuchardt wrote:
> Invoking the sandbox with
>
> /u-boot -c ⧵0xef⧵0xbf⧵0xbd
>
> results in a segmentation fault.
>
> Function b_getch() retrieves a character from the input stream. This
> character may be > 0x7f. If type char is signed, static_get() will
> return a negative number and in parse_stream() we will use that
> negative number as an index for array map[] resulting in a buffer
> overflow.
>
> Reported-by: Harry Lockyer <harry_lockyer at tutanota.com>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>
Applied to u-boot/next, thanks!
--
Tom
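The bug class described in the quoted commit message, as an added example that is not part of the original mail and not U-Boot's code: a byte above 0x7f read through a signed char becomes a negative array index, while converting through unsigned char keeps it inside the table. The helper names `next_char_signed`, `next_char_unsigned` and `map_lookup` and the all-zero table are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define MAP_SIZE (UCHAR_MAX + 1)

/* Hypothetical helpers for illustration; not U-Boot's b_getch()/static_get(). */

/* Behaviour where plain char is signed: a byte above 0x7f is sign-extended
 * to a negative int. signed char models that on any ABI. */
static int next_char_signed(const char *p)
{
	return (signed char)*p;
}

/* Converting through unsigned char keeps the result in 0..UCHAR_MAX. */
static int next_char_unsigned(const char *p)
{
	return (unsigned char)*p;
}

/* Defensive lookup: refuse any index outside map[] instead of reading it. */
static int map_lookup(const unsigned char map[MAP_SIZE], int ch)
{
	if (ch < 0 || ch >= MAP_SIZE)
		return -1;
	return map[ch];
}

int main(void)
{
	static unsigned char map[MAP_SIZE];	/* constructed table, all zero */
	const char input[] = "\xef\xbf\xbd";	/* byte values from the command quoted above */
	const char *p;

	for (p = input; *p; p++)
		printf("byte 0x%02x: signed index %d (lookup %d), unsigned index %d (lookup %d)\n",
		       (unsigned char)*p,
		       next_char_signed(p), map_lookup(map, next_char_signed(p)),
		       next_char_unsigned(p), map_lookup(map, next_char_unsigned(p)));
	return 0;
}
```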