Fix stack underflow that occurs with duplicated ESC in input

When I tried to abort the net-snk TFTP boot by pressing ESC
a couple of times, I sometimes noticed that SLOF ended up
with a negative stack depth counter. After doing some closer
investigation, I disovered that the problem can be reproduced
by simply pressing "ESC ESC RETURN" at the SLOF prompt.

The problem is in the code in accept.fs: If an ESC character is
found in the input stream, the "handle-ESC" function is called.
This reads in the next input character with "key", and if it
does not match 0x5b or 0x4f, it calls "handle-meta" for further
handling. handle-meta consumes the value from "key" on the stack
to use it as an index into a jump table, thus the stack is empty
now. If the index was a 0x1b (due to the second ESC character),
the function handle-CSI is called. But that function expects
another value as index for a jump table on the stack, and since
the stack was already empty, we end up with a negative stack
depth here.
Apparently, handle-meta should call a function instead that
uses "key" to get another character from the input stream,
before calling the handle-CSI function.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Tested-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>

1 files changed, 5 insertions, 1 deletions

diff --git a/slof/fs/accept.fs b/slof/fs/accept.fs
index 7e8e271..cb6f2fa 100644
--- a/slof/fs/accept.fs
+++ b/slof/fs/accept.fs
@@ -295,6 +295,10 @@ TABLE-EXECUTE handle-CSI
 0 , 0 , 0 , 0 ,
 0 , 0 , 0 , 0 ,
 
+: handle-CSI-key
+    key 1f and handle-CSI
+;
+
 TABLE-EXECUTE handle-meta
 0 , 0 , 0 , 0 ,
 0 , 0 , 0 , 0 ,
@@ -302,7 +306,7 @@ TABLE-EXECUTE handle-meta
 0 , 0 , 0 , ' handle-fn ,
 0 , 0 , 0 , 0 ,
 0 , 0 , 0 , 0 ,
-0 , 0 , 0 , ' handle-CSI ,
+0 , 0 , 0 , ' handle-CSI-key ,
 0 , 0 , 0 , 0 ,
 
 : handle-ESC-O