[PATCH master 4/7] readkey: fix buffer overflow handling longer escape sequences
Ahmad Fatoum
a.fatoum at pengutronix.de
Mon Sep 14 06:05:50 EDT 2020
My terminal emulator uses "\e[5;5~" (six bytes) to represent a
Ctrl+PageUp, this overflows the esc buffer, which is only 5 bytes long
as both UBSan and ASAN report.
We have a check that should've avoided it, but it has an off-by one,
which corrupts memory on sizes >= 4. Fix it.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
lib/readkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/readkey.c b/lib/readkey.c
index fd7295104694..c26e9d51aba9 100644
--- a/lib/readkey.c
+++ b/lib/readkey.c
@@ -61,7 +61,7 @@ int read_key(void)
esc[i] = getchar();
if (esc[i++] == '~')
break;
- if (i == ARRAY_SIZE(esc))
+ if (i == ARRAY_SIZE(esc) - 1)
return -1;
}
}
--
2.28.0
More information about the barebox
mailing list