2 May
2023
2 May
'23
7:12 p.m.
On Mon, 1 May 2023 at 20:34, Heinrich Schuchardt heinrich.schuchardt@canonical.com wrote:
Invoking the sandbox with
/u-boot -c ⧵0xef⧵0xbf⧵0xbdresults in a segmentation fault.
Function b_getch() retrieves a character from the input stream. This character may be > 0x7f. If type char is signed, static_get() will return a negative number and in parse_stream() we will use that negative number as an index for array map[] resulting in a buffer overflow.
Reported-by: Harry Lockyer harry_lockyer@tutanota.com Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
common/cli_hush.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Glass sjg@chromium.org