/src/shell/shell.c
Line 24
You increment the array by -1 (i--)
But you don't do any bounds check
Which could let a user backspace into a negative buffer
Buffer[-i] <- oob memory write
My fix, add bounds checking
void shell_read_line(char buf[], size_t size) {
size_t i = 0;
char ch;
while ((ch = shell_read_char())) {
if (ch == '\b') {
if (i > 0) {
i--; // prevent underflow
}
} else {
if (i < size - 1) {
buf[i++] = ch; // prevent overflow
}
}
}
buf[i] = '\0';
}
/src/shell/shell.c
Line 24
You increment the array by -1 (i--)
But you don't do any bounds check
Which could let a user backspace into a negative buffer
Buffer[-i] <- oob memory write
My fix, add bounds checking