* [PATCH] readkey: force return from while true
@ 2011-11-22 12:32 Jan Weitzel
2011-11-22 20:20 ` Sascha Hauer
0 siblings, 1 reply; 4+ messages in thread
From: Jan Weitzel @ 2011-11-22 12:32 UTC (permalink / raw)
To: barebox
If read_key is feeded by STRG + KEY_LEFT you run into the while(1)
loop and corrupt memory through esc array.
Force return if index gets too high.
Signed-off-by: Jan Weitzel <j.weitzel@phytec.de>
---
lib/readkey.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/lib/readkey.c b/lib/readkey.c
index a42d1cb..895db82 100644
--- a/lib/readkey.c
+++ b/lib/readkey.c
@@ -67,6 +67,8 @@ int read_key(void)
esc[i] = getc();
if (esc[i++] == '~')
break;
+ if (i == 5)
+ return -1;
}
}
esc[i] = 0;
--
1.7.0.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] readkey: force return from while true
2011-11-22 12:32 [PATCH] readkey: force return from while true Jan Weitzel
@ 2011-11-22 20:20 ` Sascha Hauer
2011-11-24 9:19 ` Marc Kleine-Budde
0 siblings, 1 reply; 4+ messages in thread
From: Sascha Hauer @ 2011-11-22 20:20 UTC (permalink / raw)
To: Jan Weitzel; +Cc: barebox
On Tue, Nov 22, 2011 at 01:32:19PM +0100, Jan Weitzel wrote:
> If read_key is feeded by STRG + KEY_LEFT you run into the while(1)
> loop and corrupt memory through esc array.
> Force return if index gets too high.
>
Wow, a shortcut to crash barebox. Applied to master.
Sascha
> Signed-off-by: Jan Weitzel <j.weitzel@phytec.de>
> ---
> lib/readkey.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/lib/readkey.c b/lib/readkey.c
> index a42d1cb..895db82 100644
> --- a/lib/readkey.c
> +++ b/lib/readkey.c
> @@ -67,6 +67,8 @@ int read_key(void)
> esc[i] = getc();
> if (esc[i++] == '~')
> break;
> + if (i == 5)
> + return -1;
> }
> }
> esc[i] = 0;
> --
> 1.7.0.4
>
>
> _______________________________________________
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] readkey: force return from while true
2011-11-22 20:20 ` Sascha Hauer
@ 2011-11-24 9:19 ` Marc Kleine-Budde
2011-11-24 10:48 ` [PATCH v2] " Jan Weitzel
0 siblings, 1 reply; 4+ messages in thread
From: Marc Kleine-Budde @ 2011-11-24 9:19 UTC (permalink / raw)
To: Sascha Hauer; +Cc: barebox
[-- Attachment #1.1: Type: text/plain, Size: 1324 bytes --]
On 11/22/2011 09:20 PM, Sascha Hauer wrote:
> On Tue, Nov 22, 2011 at 01:32:19PM +0100, Jan Weitzel wrote:
>> If read_key is feeded by STRG + KEY_LEFT you run into the while(1)
>> loop and corrupt memory through esc array.
>> Force return if index gets too high.
>>
>
> Wow, a shortcut to crash barebox. Applied to master.
>
> Sascha
>
>> Signed-off-by: Jan Weitzel <j.weitzel@phytec.de>
>> ---
>> lib/readkey.c | 2 ++
>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>
>> diff --git a/lib/readkey.c b/lib/readkey.c
>> index a42d1cb..895db82 100644
>> --- a/lib/readkey.c
>> +++ b/lib/readkey.c
>> @@ -67,6 +67,8 @@ int read_key(void)
>> esc[i] = getc();
>> if (esc[i++] == '~')
>> break;
>> + if (i == 5)
ARRAY_SIZE?
>> + return -1;
>> }
>> }
>> esc[i] = 0;
>> --
>> 1.7.0.4
>>
>>
>> _______________________________________________
>> barebox mailing list
>> barebox@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/barebox
>>
>
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Industrial Linux Solutions | Phone: +49-231-2826-924 |
Vertretung West/Dortmund | Fax: +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
[-- Attachment #2: Type: text/plain, Size: 149 bytes --]
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2] readkey: force return from while true
2011-11-24 9:19 ` Marc Kleine-Budde
@ 2011-11-24 10:48 ` Jan Weitzel
0 siblings, 0 replies; 4+ messages in thread
From: Jan Weitzel @ 2011-11-24 10:48 UTC (permalink / raw)
To: barebox
If read_key is feeded by STRG + KEY_LEFT you run into the while(1)
loop and corrupt memory through esc array.
Force return if index gets too high.
Signed-off-by: Jan Weitzel <j.weitzel@phytec.de>
---
v2: use ARRAY_SIZE
lib/readkey.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/lib/readkey.c b/lib/readkey.c
index a42d1cb..1117c30 100644
--- a/lib/readkey.c
+++ b/lib/readkey.c
@@ -67,6 +67,8 @@ int read_key(void)
esc[i] = getc();
if (esc[i++] == '~')
break;
+ if (i == ARRAY_SIZE(esc))
+ return -1;
}
}
esc[i] = 0;
--
1.7.0.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-11-24 10:49 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-11-22 12:32 [PATCH] readkey: force return from while true Jan Weitzel
2011-11-22 20:20 ` Sascha Hauer
2011-11-24 9:19 ` Marc Kleine-Budde
2011-11-24 10:48 ` [PATCH v2] " Jan Weitzel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox