[SLOF] [PATCH] Fix stack underflow that occurs with duplicated ESC in input

Nikunj A Dadhania nikunj at linux.vnet.ibm.com
Mon May 23 15:25:36 AEST 2016 

Thomas Huth <thuth at redhat.com> writes:

> When I tried to abort the net-snk TFTP boot by pressing ESC
> a couple of times, I sometimes noticed that SLOF ended up
> with a negative stack depth counter. After doing some closer
> investigation, I disovered that the problem can be reproduced
> by simply pressing "ESC ESC RETURN" at the SLOF prompt.
>
> The problem is in the code in accept.fs: If an ESC character is
> found in the input stream, the "handle-ESC" function is called.
> This reads in the next input character with "key", and if it
> does not match 0x5b or 0x4f, it calls "handle-meta" for further
> handling. handle-meta consumes the value from "key" on the stack
> to use it as an index into a jump table, thus the stack is empty
> now. If the index was a 0x1b (due to the second ESC character),
> the function handle-CSI is called. But that function expects
> another value as index for a jump table on the stack, and since
> the stack was already empty, we end up with a negative stack
> depth here.
> Apparently, handle-meta should call a function instead that
> uses "key" to get another character from the input stream,
> before calling the handle-CSI function.
>
> Signed-off-by: Thomas Huth <thuth at redhat.com>

Tested-by: Nikunj A Dadhania <nikunj at linux.vnet.ibm.com>

> ---
>  slof/fs/accept.fs | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/slof/fs/accept.fs b/slof/fs/accept.fs
> index 7e8e271..cb6f2fa 100644
> --- a/slof/fs/accept.fs
> +++ b/slof/fs/accept.fs
> @@ -295,6 +295,10 @@ TABLE-EXECUTE handle-CSI
>  0 , 0 , 0 , 0 ,
>  0 , 0 , 0 , 0 ,
>
> +: handle-CSI-key
> +    key 1f and handle-CSI
> +;
> +
>  TABLE-EXECUTE handle-meta
>  0 , 0 , 0 , 0 ,
>  0 , 0 , 0 , 0 ,
> @@ -302,7 +306,7 @@ TABLE-EXECUTE handle-meta
>  0 , 0 , 0 , ' handle-fn ,
>  0 , 0 , 0 , 0 ,
>  0 , 0 , 0 , 0 ,
> -0 , 0 , 0 , ' handle-CSI ,
> +0 , 0 , 0 , ' handle-CSI-key ,
>  0 , 0 , 0 , 0 ,
>
>  : handle-ESC-O
> -- 
> 1.8.3.1

More information about the SLOF mailing list