On Tue, May 02, 2023 at 04:34:09AM +0200, Heinrich Schuchardt wrote:

> Invoking the sandbox with
> 
>     /u-boot -c ⧵0xef⧵0xbf⧵0xbd
> 
> results in a segmentation fault.
> 
> Function b_getch() retrieves a character from the input stream. This
> character may be > 0x7f. If type char is signed, static_get() will
> return a negative number and in parse_stream() we will use that
> negative number as an index for array map[] resulting in a buffer
> overflow.
> 
> Reported-by: Harry Lockyer <harry_lock...@tutanota.com>
> Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> Reviewed-by: Simon Glass <s...@chromium.org>

Applied to u-boot/next, thanks!

-- 
Tom

Attachment: signature.asc
Description: PGP signature

Reply via email to