[9fans] crashing plan9 source boot CD with key combination (buffer overflow)

2014-06-20 Thread Yoann Padioleau
Hi,

There is another buffer overflow somewhere I think. The code in kbdputsc() in kbd.c does not look very safe:

	kbscan->kc[kbscan->nk++] = c;  <- no bound checking, can overflow.
	c = latin1(kbscan->kc, kbscan->nk);
	if(c < -1) /* need

Re: [9fans] crashing plan9 source boot CD with key combination (buffer overflow)

2014-06-20 Thread erik quanstrom
On Fri Jun 20 06:24:25 EDT 2014, p...@fb.com wrote:

good catch, but...

> The code in kbdputsc() in kbd.c does not look very safe:
>
> kbscan->kc[kbscan->nk++] = c; <- no bound checking, can
> overflow.

this behavior depends entirely on what latin1() does. if latin1() will