My terminal emulator uses "\e[5;5~" (six bytes) to represent a Ctrl+PageUp; this overflows the esc buffer, which is only 5 bytes long, as both UBSan and ASAN report. We have a check that should've avoided it, but it has an off-by-one, which corrupts memory on sizes >= 4. Fix it.

Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>

--- lib/readkey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/readkey.c b/lib/readkey.c index fd7295104694..c26e9d51aba9 100644 --- a/lib/readkey.c +++ b/lib/readkey.c @@ -61,7 +61,7 @@ int read_key(void) esc[i] = getchar(); if (esc[i++] == '~') break; - if (i == ARRAY_SIZE(esc)) + if (i == ARRAY_SIZE(esc) - 1) return -1; } } -- 2.28.0
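
Review bot: The new bound `if (i == ARRAY_SIZE(esc) - 1)` in read_key() still runs after the store `esc[i] = getchar();`, and the `- 1` is unexplained, so whether it is sufficient depends on the value of `i` on loop entry and on whatever is written to `esc` after the loop, neither of which is visible in this hunk. Please add a short comment saying what the reserved last slot is for, or move the length check ahead of the store so the loop is safe on its own. Separately, on the `return -1` path the byte just read was not `'~'`, so the rest of an over-long sequence, including its terminating `'~'`, is left unread; consider consuming input up to `'~'` before returning so those bytes are not handed to the next read.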