diff options
author | Ahmad Fatoum <a.fatoum@pengutronix.de> | 2020-09-14 12:05:50 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2020-09-14 15:50:26 +0200 |
commit | 5487aa192da08801c18d2e46560f0522be080e83 (patch) | |
tree | d75a19121231272ec2d54ebb2a31026a6568e098 /lib | |
parent | ddcd3d43c1132e5754fa91398dd2138a35660c43 (diff) | |
download | barebox-5487aa192da08801c18d2e46560f0522be080e83.tar.gz barebox-5487aa192da08801c18d2e46560f0522be080e83.tar.xz |
readkey: fix buffer overflow handling longer escape sequences
My terminal emulator uses "\e[5;5~" (six bytes) to represent a
Ctrl+PageUp, this overflows the esc buffer, which is only 5 bytes long
as both UBSan and ASAN report.
We have a check that should've avoided it, but it has an off-by one,
which corrupts memory on sizes >= 4. Fix it.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/readkey.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/readkey.c b/lib/readkey.c index fd72951046..c26e9d51ab 100644 --- a/lib/readkey.c +++ b/lib/readkey.c @@ -61,7 +61,7 @@ int read_key(void) esc[i] = getchar(); if (esc[i++] == '~') break; - if (i == ARRAY_SIZE(esc)) + if (i == ARRAY_SIZE(esc) - 1) return -1; } } |