com32: Fix bugs on cmd_reverse_search (Triple fault dimension)
author Raphael S.Carvalho <raphael.scarv@gmail.com>
Tue, 17 Sep 2013 19:48:58 +0000 (16:48 -0300)
committer Matt Fleming <matt.fleming@intel.com>
Mon, 30 Sep 2013 14:43:36 +0000 (15:43 +0100)
cmd_reverse_search has a bug where the variable cursor is updated even if a command
wasn't found. If this happens, and the next key falls into the default case,
memmove's size parameter would be a negative number.

This bug can be reproduced by doing the following:
On cmd_reverse_search (ctrl-r), type multiple keys at the same time.
'Enjoy' the triple fault and a screen of random colors.

There is also a small bug that makes the task of using (ctrl-r) on the first command
impossible. Previously, this command was discarded.

Signed-off-by: Raphael S.Carvalho <raphael.scarv@gmail.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
com32/elflink/ldlinux/cli.c

index 7c4f14c..a50124c 100644 (file)
@@ -89,10 +89,14 @@ static const char * cmd_reverse_search(int *cursor, clock_t *kbd_to,
            break;
        }
 
-       while (!list_is_last(&last_found->list, &cli_history_head)) {
+       while (last_found) {
            p = strstr(last_found->command, buf);
            if (p)
                break;
+
+           if (list_is_last(&last_found->list, &cli_history_head))
+               break;
+
            last_found = list_entry(last_found->list.next, typeof(*last_found), list);
        }
 
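Review bot: the new loop condition "while (last_found)" only guards the first iteration, because list_entry() on list.next never produces NULL; after entry the loop ends solely through the two break statements. A NULL check on last_found before the loop followed by for (;;) would say that more directly. Two things are worth confirming in the code around this hunk: that p is initialised to NULL before the loop (if last_found is NULL on entry the body never runs and p keeps its earlier value), and that the code after the loop tests p rather than last_found, since the list_is_last break leaves last_found pointing at a valid entry with p == NULL.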
@@ -391,7 +395,7 @@ const char *edit_cmdline(const char *input, int top /*, int width */ ,
                    len = strlen(cmdline);
                } else {
                    cmdline[0] = '\0';
-                   len = 0;
+                   cursor = len = 0;
                }
                redraw = 1;
            }
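Review bot: resetting cursor in the else branch here repairs the symptom in the caller, while the commit message puts the cause in cmd_reverse_search, which writes through its int *cursor argument even when nothing was found. Consider making cmd_reverse_search store to *cursor only on the success path, so that cursor <= len is maintained where the value is produced and any other caller gets the same guarantee. The branch above shows only "len = strlen(cmdline);", so it also relies on the callee having left cursor within the returned string; a short comment stating that would help.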
@@ -441,6 +445,9 @@ const char *edit_cmdline(const char *input, int top /*, int width */ ,
                    }
                    prev_len++;
                } else {
+                   if (cursor > len)
+                       return NULL;
+
                    memmove(cmdline + cursor + 1, cmdline + cursor,
                            len - cursor + 1);
                    cmdline[cursor++] = key;
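Review bot: the "if (cursor > len) return NULL;" guard in the default-key branch has no comment and turns an internal invariant violation into a silent NULL return from edit_cmdline, which discards whatever the user had typed. With cursor now reset in the previous hunk this path should be unreachable, so document it as a defensive check; the reason it matters is that "len - cursor + 1" would go negative and be converted to a very large size_t in memmove. Clamping with cursor = len and continuing would keep the line editable instead of aborting, if that is acceptable for the callers.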