Commit 128059b9 authored by Rabin Vincent's avatar Rabin Vincent Committed by Tom Rini
Browse files

hush: fix segfault on syntax error



Hush segfaults if it sees a syntax error while attempting to parse a
command:

 $ ./u-boot -c "'"
 ...
 syntax error
 Segmentation fault (core dumped)

This is due to a NULL pointer dereference of in_str->p in static_peek().
The problem is that the exit condition for the loop in
parse_stream_outer() checks for rcode not being -1, but rcode is only
ever 0 or 1.
Signed-off-by: default avatarRabin Vincent <rabin@rab.in>
Acked-by: Simon Glass <sjg@chromium.org)
Tested-by: Simon Glass <sjg@chromium.org)
parent 484408fb
......@@ -3217,7 +3217,7 @@ static int parse_stream_outer(struct in_str *inp, int flag)
}
b_free(&temp);
/* loop on syntax errors, return on EOF */
} while (rcode != -1 && !(flag & FLAG_EXIT_FROM_LOOP) &&
} while (rcode != 1 && !(flag & FLAG_EXIT_FROM_LOOP) &&
(inp->peek != static_peek || b_peek(inp)));
#ifndef __U_BOOT__
return 0;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment