From e78980bd0c81d30792b81cc403042586abb1fe79 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Fri, 20 May 2016 14:09:26 +0200 Subject: [PATCH] Fix stack underflow that occurs with duplicated ESC in input When I tried to abort the net-snk TFTP boot by pressing ESC a couple of times, I sometimes noticed that SLOF ended up with a negative stack depth counter. After doing some closer investigation, I disovered that the problem can be reproduced by simply pressing "ESC ESC RETURN" at the SLOF prompt. The problem is in the code in accept.fs: If an ESC character is found in the input stream, the "handle-ESC" function is called. This reads in the next input character with "key", and if it does not match 0x5b or 0x4f, it calls "handle-meta" for further handling. handle-meta consumes the value from "key" on the stack to use it as an index into a jump table, thus the stack is empty now. If the index was a 0x1b (due to the second ESC character), the function handle-CSI is called. But that function expects another value as index for a jump table on the stack, and since the stack was already empty, we end up with a negative stack depth here. Apparently, handle-meta should call a function instead that uses "key" to get another character from the input stream, before calling the handle-CSI function. Signed-off-by: Thomas Huth Tested-by: Nikunj A Dadhania Signed-off-by: Alexey Kardashevskiy --- slof/fs/accept.fs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/slof/fs/accept.fs b/slof/fs/accept.fs index 7e8e271..cb6f2fa 100644 --- a/slof/fs/accept.fs +++ b/slof/fs/accept.fs @@ -295,6 +295,10 @@ TABLE-EXECUTE handle-CSI 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , +: handle-CSI-key + key 1f and handle-CSI +; + TABLE-EXECUTE handle-meta 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , @@ -302,7 +306,7 @@ TABLE-EXECUTE handle-meta 0 , 0 , 0 , ' handle-fn , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , -0 , 0 , 0 , ' handle-CSI , +0 , 0 , 0 , ' handle-CSI-key , 0 , 0 , 0 , 0 , : handle-ESC-O