When args = "\"\0", "i" will be 0 and args[i-1] is used (line:238)
Because of "i" is an unsigned int type,
the function will access at args[0xFFFFFFFF]
It can make a crash
Signed-off-by: Seungil Kang <sil.k...@samsung.com>
---
lib/cmdline.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/cmdline.c b/lib/cmdline.c
index fbb9981a04a4..2fd29d7723b2 100644
--- a/lib/cmdline.c
+++ b/lib/cmdline.c
@@ -200,7 +200,7 @@ bool parse_option_str(const char *str, const char *option)
*/
char *next_arg(char *args, char **param, char **val)
{
- unsigned int i, equals = 0;
+ int i, equals = 0;
int in_quote = 0, quoted = 0;
char *next;
--
2.17.1
