Hi,
There is another buffer overflow somewhere I think.
The code in kbdputsc() in kbd.c does not look very safe:
	kbscan->kc[kbscan->nk++] = c;	/* <--------- no bounds checking, can overflow. */
	c = latin1(kbscan->kc, kbscan->nk);
	if(c < -1)	/* need more keystrokes */
		return;
	if(c != -1)	/* valid sequence */
		kbdputc(kbdq, c);
	else	/* dump characters */
		for(i=0; i<kbscan->nk; i++)
			kbdputc(kbdq, kbscan->kc[i]);
	kbscan->nk = 0;
	kbscan->collecting = 0;
Actually with the plan9 actual iso, when I boot from the CD
and in rio I open a new terminal and type
<Alt> x ddddddddddddddddddddddddddd <Alt> lc
then I crash the cpu.
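
A bounded version of the collection step quoted above, as an added example that is not part of the original post or the Plan 9 source. The buffer size NKC, the struct layout with its canary field, latin1_stub(), kbdputc_model() and feed() are all assumptions made for this self-contained model.

```c
enum { NKC = 5, NOUT = 64 };   /* assumed capacities, not taken from kbd.c */

typedef struct {
    int collecting;
    int nk;
    int kc[NKC];
    int canary;                /* model only: sits after kc[] to expose an overrun */
} Kbscan;

static int outq[NOUT];         /* stand-in for kbdq */
static int nout;

static void kbdputc_model(int c) { if (nout < NOUT) outq[nout++] = c; }

/* Stand-in for latin1(): -1 invalid, < -1 need more keys, otherwise a rune.
 * It always asks for more, the worst case for the collection buffer. */
static int latin1_stub(const int *k, int n) { (void)k; (void)n; return -2; }

/* Collection step with the index checked before every store. */
void compose_key(Kbscan *ks, int c)
{
    int i, r;

    if (ks->nk < 0 || ks->nk >= NKC)   /* never trust a stale index */
        ks->nk = 0;
    ks->kc[ks->nk++] = c;
    r = latin1_stub(ks->kc, ks->nk);
    if (r < -1 && ks->nk < NKC)        /* need more keystrokes and room remains */
        return;
    if (r >= 0)                        /* valid sequence */
        kbdputc_model(r);
    else                               /* invalid or buffer full: dump characters */
        for (i = 0; i < ks->nk; i++)
            kbdputc_model(ks->kc[i]);
    ks->nk = 0;
    ks->collecting = 0;
}

/* Feed the same key n times; return the largest nk left behind by any call. */
int feed(Kbscan *ks, int c, int n)
{
    int max = 0;

    while (n-- > 0) {
        compose_key(ks, c);
        if (ks->nk > max)
            max = ks->nk;
    }
    return max;
}
```

When the buffer fills before the decoder is satisfied, the collected keys are dumped to the output queue and collection restarts, so nk never reaches NKC between calls.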