1 Jun
2023
1 Jun
'23
5:24 p.m.
On Tue, May 02, 2023 at 04:34:09AM +0200, Heinrich Schuchardt wrote:
Invoking the sandbox with
/u-boot -c ⧵0xef⧵0xbf⧵0xbdresults in a segmentation fault.
Function b_getch() retrieves a character from the input stream. This character may be > 0x7f. If type char is signed, static_get() will return a negative number and in parse_stream() we will use that negative number as an index for array map[] resulting in a buffer overflow.
Reported-by: Harry Lockyer harry_lockyer@tutanota.com Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com Reviewed-by: Simon Glass sjg@chromium.org
Applied to u-boot/next, thanks!
--
Tom