[PATCH master 4/7] readkey: fix buffer overflow handling longer escape sequences

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



My terminal emulator uses "\e[5;5~" (six bytes) to represent a
Ctrl+PageUp, this overflows the esc buffer, which is only 5 bytes long
as both UBSan and ASAN report.

We have a check that should've avoided it, but it has an off-by one,
which corrupts memory on sizes >= 4. Fix it.

Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
---
 lib/readkey.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/readkey.c b/lib/readkey.c
index fd7295104694..c26e9d51aba9 100644
--- a/lib/readkey.c
+++ b/lib/readkey.c
@@ -61,7 +61,7 @@ int read_key(void)
 				esc[i] = getchar();
 				if (esc[i++] == '~')
 					break;
-				if (i == ARRAY_SIZE(esc))
+				if (i == ARRAY_SIZE(esc) - 1)
 					return -1;
 			}
 		}
-- 
2.28.0


_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox



[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux