From 12d31075eb5cfd5deeef507dd04d6a531422ab12 Mon Sep 17 00:00:00 2001 From: Huang Qi Date: Sun, 5 Mar 2023 09:07:36 +0800 Subject: [PATCH] nsh: Fix a buffer overflow in `help` Introduced by https://github.com/apache/nuttx-apps/pull/1610, internal line buffer should have more bytes for tab before newline and '\0'. Signed-off-by: Huang Qi --- nshlib/nsh_command.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/nshlib/nsh_command.c b/nshlib/nsh_command.c index 6352890ba..f4f9c656b 100644 --- a/nshlib/nsh_command.c +++ b/nshlib/nsh_command.c @@ -45,6 +45,7 @@ /* Help command summary layout */ #define HELP_LINELEN 80 +#define HELP_TABSIZE 4 #define NUM_CMDS ((sizeof(g_cmdmap)/sizeof(struct cmdmap_s)) - 1) /**************************************************************************** @@ -616,7 +617,10 @@ static inline void help_cmdlist(FAR struct nsh_vtbl_s *vtbl) unsigned int j; unsigned int k; unsigned int offset; - char line[HELP_LINELEN]; + + /* Extra 5 bytes for tab before newline and '\0' */ + + char line[HELP_LINELEN + HELP_TABSIZE + 1]; /* Pick an optimal column width */ @@ -654,7 +658,7 @@ static inline void help_cmdlist(FAR struct nsh_vtbl_s *vtbl) { /* Tab before a new line */ - offset = 4; + offset = HELP_TABSIZE; memset(line, ' ', offset); for (j = 0, k = i;