Hi, There is another buffer overflow somewhere I think.
The code in kbdputsc() in kbd.c does not look very safe: kbscan->kc[kbscan->nk++] = c; <--------- no bound checking, can overflow. c = latin1(kbscan->kc, kbscan->nk); if(c < -1) /* need more keystrokes */ return; if(c != -1) /* valid sequence */ kbdputc(kbdq, c); else /* dump characters */ for(i=0; i<kbscan->nk; i++) kbdputc(kbdq, kbscan->kc[i]); kbscan->nk = 0; kbscan->collecting = 0; Actually with the plan9 actual iso, when I boot from the CD and in rio I open a new terminal and type <Alt> x ddddddddddddddddddddddddddd <Alt> lc then I crash the cpu.