[PATCH 1/1] cli: avoid buffer overrun
Simon Glass
sjg at chromium.org
Tue May 2 19:12:14 CEST 2023
On Mon, 1 May 2023 at 20:34, Heinrich Schuchardt
<heinrich.schuchardt at canonical.com> wrote:
>
> Invoking the sandbox with
>
> /u-boot -c ⧵0xef⧵0xbf⧵0xbd
>
> results in a segmentation fault.
>
> Function b_getch() retrieves a character from the input stream. This
> character may be > 0x7f. If type char is signed, static_get() will
> return a negative number and in parse_stream() we will use that
> negative number as an index for array map[] resulting in a buffer
> overflow.
>
> Reported-by: Harry Lockyer <harry_lockyer at tutanota.com>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
> common/cli_hush.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Glass <sjg at chromium.org>
More information about the U-Boot
mailing list