* [PATCH 1/2] commands: edit: Fix potential out-of-bound access
@ 2025-03-31 17:40 Jules Maselbas
2025-03-31 17:40 ` [PATCH 2/2] commands: edit: remove the memset call on screenline Jules Maselbas
2025-04-01 6:02 ` [PATCH 1/2] commands: edit: Fix potential out-of-bound access Sascha Hauer
0 siblings, 2 replies; 3+ messages in thread
From: Jules Maselbas @ 2025-03-31 17:40 UTC (permalink / raw)
To: barebox
The local lbuf can potentially be left not nul-terminated,
and the tab expension can potentially write out-of-bound.
Signed-off-by: Jules Maselbas <jmaselbas@zdiv.net>
---
commands/edit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/commands/edit.c b/commands/edit.c
index fcf8ad90f5..3bbe60fdbf 100644
--- a/commands/edit.c
+++ b/commands/edit.c
@@ -53,14 +53,14 @@ static char *screenline(char *line, int *pos)
return lbuf;
}
- for (i = 0; outpos < 1024; i++) {
+ for (i = 0; outpos < sizeof(lbuf) - 1; i++) {
if (i == textx && pos)
*pos = outpos;
if (!line[i])
break;
if (line[i] == '\t') {
lbuf[outpos++] = ' ';
- while (outpos % TABSPACE)
+ while (outpos < sizeof(lbuf) - 1 && outpos % TABSPACE)
lbuf[outpos++] = ' ';
continue;
}
--
2.48.1
^ permalink raw reply [flat|nested] 3+ messages in thread* [PATCH 2/2] commands: edit: remove the memset call on screenline
2025-03-31 17:40 [PATCH 1/2] commands: edit: Fix potential out-of-bound access Jules Maselbas
@ 2025-03-31 17:40 ` Jules Maselbas
2025-04-01 6:02 ` [PATCH 1/2] commands: edit: Fix potential out-of-bound access Sascha Hauer
1 sibling, 0 replies; 3+ messages in thread
From: Jules Maselbas @ 2025-03-31 17:40 UTC (permalink / raw)
To: barebox
Rework the screenline function so the lbuf doesn't have to be
initialized to zero eachtime the screenline function is called.
Signed-off-by: Jules Maselbas <jmaselbas@zdiv.net>
---
commands/edit.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/commands/edit.c b/commands/edit.c
index 3bbe60fdbf..28c9ab8877 100644
--- a/commands/edit.c
+++ b/commands/edit.c
@@ -46,11 +46,9 @@ static char *screenline(char *line, int *pos)
int i, outpos = 0;
static char lbuf[1024];
- memset(lbuf, 0, 1024);
-
if (!line) {
- lbuf[0] = '~';
- return lbuf;
+ lbuf[outpos++] = '~';
+ goto out;
}
for (i = 0; outpos < sizeof(lbuf) - 1; i++) {
@@ -67,6 +65,8 @@ static char *screenline(char *line, int *pos)
lbuf[outpos++] = line[i];
}
+out:
+ lbuf[outpos] = 0;
return lbuf;
}
--
2.48.1
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH 1/2] commands: edit: Fix potential out-of-bound access
2025-03-31 17:40 [PATCH 1/2] commands: edit: Fix potential out-of-bound access Jules Maselbas
2025-03-31 17:40 ` [PATCH 2/2] commands: edit: remove the memset call on screenline Jules Maselbas
@ 2025-04-01 6:02 ` Sascha Hauer
1 sibling, 0 replies; 3+ messages in thread
From: Sascha Hauer @ 2025-04-01 6:02 UTC (permalink / raw)
To: barebox, Jules Maselbas
On Mon, 31 Mar 2025 19:40:49 +0200, Jules Maselbas wrote:
> The local lbuf can potentially be left not nul-terminated,
> and the tab expension can potentially write out-of-bound.
>
>
Applied, thanks!
[1/2] commands: edit: Fix potential out-of-bound access
https://git.pengutronix.de/cgit/barebox/commit/?id=d653f475709c (link may not be stable)
[2/2] commands: edit: remove the memset call on screenline
https://git.pengutronix.de/cgit/barebox/commit/?id=4c841ff9831f (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-04-01 6:02 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-03-31 17:40 [PATCH 1/2] commands: edit: Fix potential out-of-bound access Jules Maselbas
2025-03-31 17:40 ` [PATCH 2/2] commands: edit: remove the memset call on screenline Jules Maselbas
2025-04-01 6:02 ` [PATCH 1/2] commands: edit: Fix potential out-of-bound access Sascha Hauer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox