author Ahmad Fatoum <a.fatoum@pengutronix.de> 2020-09-14 12:05:50 +0200
committer Sascha Hauer <s.hauer@pengutronix.de> 2020-09-14 15:50:26 +0200
commit 5487aa192da08801c18d2e46560f0522be080e83
tree d75a19121231272ec2d54ebb2a31026a6568e098 /lib
parent ddcd3d43c1132e5754fa91398dd2138a35660c43
readkey: fix buffer overflow handling longer escape sequences

My terminal emulator uses "\e[5;5~" (six bytes) to represent a Ctrl+PageUp, this overflows the esc buffer, which is only 5 bytes long as both UBSan and ASAN report.

We have a check that should've avoided it, but it has an off-by-one, which corrupts memory on sizes >= 4. Fix it.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'lib')
-rw-r--r-- lib/readkey.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/readkey.c b/lib/readkey.c
index fd72951046..c26e9d51ab 100644
--- a/lib/readkey.c
+++ b/lib/readkey.c
@@ -61,7 +61,7 @@ int read_key(void)
esc[i] = getchar();
if (esc[i++] == '~')
break;
- if (i == ARRAY_SIZE(esc))
+ if (i == ARRAY_SIZE(esc) - 1)
return -1;
}
}
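Review bot: the new bound in `if (i == ARRAY_SIZE(esc) - 1)` reserves the last element of esc without saying what it is for, and the store that needs that slot is not visible in this hunk. A short comment above the check naming what the final slot is kept for (a terminator written after the loop, if that is the case) would keep a later cleanup from reintroducing the off-by-one. Separately, the `return -1` path gives up as soon as the bound is reached, so any bytes of an over-long sequence that have not been read yet, up to and including the terminating '~', stay pending and would be handed out by later getchar() calls as ordinary input; consider consuming input up to the '~' before returning. Writing the comparison as `>=` rather than `==` would also keep the bound effective if i is ever advanced by more than one per iteration.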