cread_add_char doesn't take the trailing '\0' into account, so adding it at the end of readline can overflow the buffer. Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> --- lib/readline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/readline.c b/lib/readline.c index c007e10..4c9bb76 100644 --- a/lib/readline.c +++ b/lib/readline.c @@ -150,7 +150,7 @@ static void cread_add_char(char ichar, int insert, unsigned long *num, /* room ??? */ if (insert || *num == *eol_num) { - if (*eol_num > len - 1) { + if (*eol_num > len - 2) { getcmd_cbeep(); return; } -- 2.6.2 _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox