com32: Fix bugs on cmd_reverse_search (Triple fault dimension)

cmd_reverse_search has a bug that the variable cursor is updated even if a command
wasn't found. If this happens, and the next key falls into the default case,
memmove's size parameter would be a negative number.

This bug can be reproduced by doing the following:
On cmd_reverse_search (ctrl-r), type multiple keys at the same time.
'Enjoy' the triple fault and a screen of random colors.

There is also a small bug that turns the task of using (ctrl-r) on the first command
impossible. Previously, this command was discarded.

Signed-off-by: Raphael S.Carvalho <raphael.scarv@gmail.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>

1 files changed, 9 insertions, 2 deletions

diff --git a/com32/elflink/ldlinux/cli.c b/com32/elflink/ldlinux/cli.c
index 7c4f14c6..a50124c3 100644
--- a/com32/elflink/ldlinux/cli.c
+++ b/com32/elflink/ldlinux/cli.c
@@ -89,10 +89,14 @@ static const char * cmd_reverse_search(int *cursor, clock_t *kbd_to,
 	    break;
 	}
 
-	while (!list_is_last(&last_found->list, &cli_history_head)) {
+	while (last_found) {
 	    p = strstr(last_found->command, buf);
 	    if (p)
 	        break;
+
+	    if (list_is_last(&last_found->list, &cli_history_head))
+		break;
+
 	    last_found = list_entry(last_found->list.next, typeof(*last_found), list);
 	}
 
@@ -391,7 +395,7 @@ const char *edit_cmdline(const char *input, int top /*, int width */ ,
 		    len = strlen(cmdline);
 	        } else {
 	            cmdline[0] = '\0';
-		    len = 0;
+		    cursor = len = 0;
 	        }
 	        redraw = 1;
 	    }
@@ -441,6 +445,9 @@ const char *edit_cmdline(const char *input, int top /*, int width */ ,
 		    }
 		    prev_len++;
 		} else {
+		    if (cursor > len)
+			return NULL;
+
 		    memmove(cmdline + cursor + 1, cmdline + cursor,
 			    len - cursor + 1);
 		    cmdline[cursor++] = key;