On Mon, 1 May 2023 at 20:34, Heinrich Schuchardt <heinrich.schucha...@canonical.com> wrote: > > Invoking the sandbox with > > /u-boot -c ⧵0xef⧵0xbf⧵0xbd > > results in a segmentation fault. > > Function b_getch() retrieves a character from the input stream. This > character may be > 0x7f. If type char is signed, static_get() will > return a negative number and in parse_stream() we will use that > negative number as an index for array map[] resulting in a buffer > overflow. > > Reported-by: Harry Lockyer <harry_lock...@tutanota.com> > Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com> > --- > common/cli_hush.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Glass <s...@chromium.org>