From 915facad2232ff68b740ad698d9cb2b8c2277f6e Mon Sep 17 00:00:00 2001
From: zq301 <zhaoqian301@gmail.com>
Date: Sun, 24 Jan 2016 14:39:48 +0800
Subject: [PATCH 1/3] a memory overflow in shell-vars.c

" sprintf(numbuf, "0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x",...)" . the formatted data wrote to "numbuf" is 39 bytes, but numbuf is 32 bytes.
---
 apps/shell/shell-vars.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/shell/shell-vars.c b/apps/shell/shell-vars.c
index b28834f4a..1e562d944 100644
--- a/apps/shell/shell-vars.c
+++ b/apps/shell/shell-vars.c
@@ -90,7 +90,8 @@ PROCESS_THREAD(shell_var_process, ev, data)
 {
   int i;
   int j;
-  char numbuf[32];
+  
+  char numbuf[39];
   
   PROCESS_BEGIN();
 

From e7c26c57db37494560c65d5e0d45070021dcc1c4 Mon Sep 17 00:00:00 2001
From: zq301 <zhaoqian301@gmail.com>
Date: Mon, 25 Jan 2016 09:35:15 +0800
Subject: [PATCH 2/3] Update shell-vars.c

---
 apps/shell/shell-vars.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/shell/shell-vars.c b/apps/shell/shell-vars.c
index 1e562d944..84b7724e9 100644
--- a/apps/shell/shell-vars.c
+++ b/apps/shell/shell-vars.c
@@ -91,7 +91,7 @@ PROCESS_THREAD(shell_var_process, ev, data)
   int i;
   int j;
   
-  char numbuf[39];
+  char numbuf[40];
   
   PROCESS_BEGIN();
 

From d36eab37506ba4183fbed63013933e195d6e8588 Mon Sep 17 00:00:00 2001
From: zq301 <zhaoqian301@gmail.com>
Date: Mon, 25 Jan 2016 09:35:49 +0800
Subject: [PATCH 3/3] Update shell-vars.c

---
 apps/shell/shell-vars.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/apps/shell/shell-vars.c b/apps/shell/shell-vars.c
index 84b7724e9..14b484923 100644
--- a/apps/shell/shell-vars.c
+++ b/apps/shell/shell-vars.c
@@ -90,7 +90,6 @@ PROCESS_THREAD(shell_var_process, ev, data)
 {
   int i;
   int j;
-  
   char numbuf[40];
   
   PROCESS_BEGIN();