When args = "\"\0", "i" will be 0 and args[i-1] is used (line:238) Because of "i" is an unsigned int type, the function will access at args[0xFFFFFFFF] It can make a crash
Signed-off-by: Seungil Kang <sil.k...@samsung.com> --- lib/cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/cmdline.c b/lib/cmdline.c index fbb9981a04a4..2fd29d7723b2 100644 --- a/lib/cmdline.c +++ b/lib/cmdline.c @@ -200,7 +200,7 @@ bool parse_option_str(const char *str, const char *option) */ char *next_arg(char *args, char **param, char **val) { - unsigned int i, equals = 0; + int i, equals = 0; int in_quote = 0, quoted = 0; char *next; -- 2.17.1