From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH master 4/7] readkey: fix buffer overflow handling longer escape sequences
Date: Mon, 14 Sep 2020 12:05:50 +0200 [thread overview]
Message-ID: <20200914100553.24808-4-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20200914100553.24808-1-a.fatoum@pengutronix.de>
My terminal emulator uses "\e[5;5~" (six bytes) to represent a
Ctrl+PageUp, this overflows the esc buffer, which is only 5 bytes long
as both UBSan and ASAN report.
We have a check that should've avoided it, but it has an off-by one,
which corrupts memory on sizes >= 4. Fix it.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
lib/readkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/readkey.c b/lib/readkey.c
index fd7295104694..c26e9d51aba9 100644
--- a/lib/readkey.c
+++ b/lib/readkey.c
@@ -61,7 +61,7 @@ int read_key(void)
esc[i] = getchar();
if (esc[i++] == '~')
break;
- if (i == ARRAY_SIZE(esc))
+ if (i == ARRAY_SIZE(esc) - 1)
return -1;
}
}
--
2.28.0
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2020-09-14 10:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-14 10:05 [PATCH master 1/7] sandbox: hostfile: error out if file couldn't be opened Ahmad Fatoum
2020-09-14 10:05 ` [PATCH master 2/7] sandbox: add_image: support mmaping block devices on 32-bit hosts Ahmad Fatoum
2020-09-14 10:05 ` [PATCH master 3/7] sandbox: support escaping commas in --image filenames Ahmad Fatoum
2020-09-14 13:42 ` Ahmad Fatoum
2020-09-14 10:05 ` Ahmad Fatoum [this message]
2020-09-14 10:05 ` [PATCH master 5/7] sandbox: fix SANDBOX_UNWIND dependency to be KASAN only Ahmad Fatoum
2020-09-14 10:05 ` [PATCH master 6/7] fs: don't free device in remove callback Ahmad Fatoum
2020-09-14 10:05 ` [PATCH master 7/7] common: ubsan: replace pr_err with printf Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200914100553.24808-4-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox