Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / 7bae13da36477ce451ef5975e0cf79dbe035b52c
commit7bae13da36477ce451ef5975e0cf79dbe035b52c[log] [tgz]
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>Tue May 02 04:34:09 2023 +0200
committerTom Rini <trini@konsulko.com>Wed May 31 17:23:01 2023 -0400
tree8d2cf90e7e8af689f178237f068fcee64f274f28
parent1310ad3aacf5cae97a2f3457ec9ef56f0d88bc09 [diff]
cli: avoid buffer overrun

Invoking the sandbox with

    /u-boot -c ⧵0xef⧵0xbf⧵0xbd

results in a segmentation fault.

Function b_getch() retrieves a character from the input stream. This
character may be > 0x7f. If type char is signed, static_get() will
return a negative number and in parse_stream() we will use that
negative number as an index for array map[] resulting in a buffer
overflow.

Reported-by: Harry Lockyer <harry_lockyer@tutanota.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
1 file changed
tree: 8d2cf90e7e8af689f178237f068fcee64f274f28
  1. .github/
  2. api/
  3. arch/
  4. bin/
  5. board/
  6. boot/
  7. cmd/
  8. common/
  9. configs/
  10. disk/
  11. doc/
  12. drivers/
  13. dts/
  14. env/
  15. examples/
  16. fs/
  17. include/
  18. lib/
  19. Licenses/
  20. net/
  21. post/
  22. py/
  23. scripts/
  24. test/
  25. tools/
  26. .azure-pipelines.yml
  27. .checkpatch.conf
  28. .get_maintainer.conf
  29. .gitattributes
  30. .gitignore
  31. .gitlab-ci.yml
  32. .mailmap
  33. .readthedocs.yml
  34. config.mk
  35. Kbuild
  36. Kconfig
  37. MAINTAINERS
  38. Makefile
  39. README