author Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 2023-05-02 04:34:09 +0200
committer Tom Rini <trini@konsulko.com> 2023-05-31 17:23:01 -0400
commit 7bae13da36477ce451ef5975e0cf79dbe035b52c
tree 8d2cf90e7e8af689f178237f068fcee64f274f28
parent 1310ad3aacf5cae97a2f3457ec9ef56f0d88bc09
cli: avoid buffer overrun
Invoking the sandbox with

    /u-boot -c ⧵0xef⧵0xbf⧵0xbd

results in a segmentation fault.

Function b_getch() retrieves a character from the input stream. This character may be > 0x7f. If type char is signed, static_get() will return a negative number and in parse_stream() we will use that negative number as an index for array map[] resulting in a buffer overflow.

Reported-by: Harry Lockyer <harry_lockyer@tutanota.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
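The signedness problem described in the commit message, as an added example that is not U-Boot code: the same byte is read through a signed and an unsigned pointer and then used as a table index behind a range check. The names `getch_signed`, `getch_unsigned`, `map_lookup`, the 256-entry table and its contents are assumptions made for illustration; the input is constructed from the byte values 0xef 0xbf 0xbd.

```c
#include <stdio.h>
#include <stddef.h>

#define MAP_SIZE 256 /* assumed table size: one slot per byte value */

/* Constructed stand-in for a per-character lookup table. */
static const unsigned char map[MAP_SIZE] = { ['$'] = 1, ['\\'] = 2 };

/* Byte read through a signed pointer: values above 0x7f sign-extend. */
static int getch_signed(const char *s, size_t i)
{
	return ((const signed char *)s)[i];
}

/* Byte read through an unsigned pointer: the result is always 0..255. */
static int getch_unsigned(const char *s, size_t i)
{
	return ((const unsigned char *)s)[i];
}

/* Range-checked lookup: returns -1 instead of reading outside map[]. */
static int map_lookup(int ch)
{
	if (ch < 0 || ch >= MAP_SIZE)
		return -1;
	return map[ch];
}

int main(void)
{
	/* Constructed input: the three byte values from the commit message. */
	static const char input[] = "\xef\xbf\xbd";

	for (size_t i = 0; i < sizeof(input) - 1; i++) {
		int s = getch_signed(input, i);
		int u = getch_unsigned(input, i);

		printf("byte %zu: signed index %d -> %d, unsigned index %d -> %d\n",
		       i, s, map_lookup(s), u, map_lookup(u));
	}
	return 0;
}
```
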
-rw-r--r-- common/cli_hush.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/common/cli_hush.c b/common/cli_hush.c
index 171069f..cee8724 100644
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -324,7 +324,7 @@ typedef struct {
/* I can almost use ordinary FILE *. Is open_memstream() universally
* available? Where is it documented? */
struct in_str {
- const char *p;
+ const unsigned char *p;
#ifndef __U_BOOT__
char peek_buf[2];
#endif
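Review bot: peek_buf[2], two lines below the changed field in struct in_str, is still plain char, so the two buffers in the same struct now disagree on signedness. It is compiled out under __U_BOOT__, but declaring it unsigned char as well would keep a byte above 0x7f from going negative if that path is ever built. The change also addresses the problem only where the data is read: per the commit message the negative value ends up as an index into map[] in parse_stream(), so a cast to unsigned char or a range check at that lookup would keep the index safe independently of the type of p. Code that assigns a const char * to p will now need a cast to avoid pointer-sign warnings; none of those assignments are visible in this hunk, so it is worth confirming they were checked.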