ref: 20bc2210a0e5838b74c6cae694b29b0b373e8525
parent: 080b66989af0d8ca87cca709ab2d709b4fff3451
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Mon May 16 18:24:39 EDT 2016
cc: prevent symbol buffer overflow
--- a/sys/src/cmd/cc/lex.c
+++ b/sys/src/cmd/cc/lex.c
@@ -734,6 +734,8 @@
* prefix has been stored
*/
for(;;) {
+ if(cp >= &symb[NSYMB-UTFmax-1])
+ goto toolong;
if(c >= Runeself) { for(c1=0;;) {cp[c1++] = c;
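Review bot: The new guard at the top of the identifier loop is only sufficient if the inner `for(c1=0;;)` rune loop never stores more than UTFmax bytes through `cp[c1++]`, and that loop's exit condition lies outside this hunk. The bound `&symb[NSYMB-UTFmax-1]` reserves one full rune plus the terminator, which is correct under that assumption, but nothing in the code states it. I would add a comment above the check such as `/* keep room for one whole rune (UTFmax bytes) and the NUL */`, and confirm that the inner loop cannot run past UTFmax bytes on malformed or truncated UTF-8 input.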
@@ -782,6 +784,8 @@
if(c != '0') {c1 |= Numdec;
for(;;) {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
if(isdigit(c))
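Review bot: The two-line guard `if(cp >= &symb[NSYMB-1]) goto toolong;` is pasted in front of the `*cp++ = c` store here and again in the hunks at -793, -809, -880 and -898, so any store into `symb` added later has to remember to copy it. Folding the check and the store into one local macro, for example `#define PUTSYM(x) do{ if(cp >= &symb[NSYMB-1]) goto toolong; *cp++ = (x); }while(0)`, would make an unguarded write much harder to introduce. Stores into `symb` that lie outside these hunks are not visible in this diff and should be checked against the same bound.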
@@ -793,6 +797,8 @@
c = GETC();
if(c == 'x' || c == 'X')
for(;;) {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
if(isdigit(c))
@@ -809,6 +815,8 @@
goto dc;
for(;;) {
 if(c >= '0' && c <= '7') {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
continue;
@@ -880,6 +888,8 @@
casedot:
for(;;) {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
if(!isdigit(c))
@@ -889,6 +899,8 @@
goto caseout;
casee:
+ if(cp >= &symb[NSYMB-2])
+ goto toolong;
*cp++ = 'e';
c = GETC();
if(c == '+' || c == '-') {
@@ -898,6 +910,8 @@
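Review bot: The `NSYMB-2` bound at `casee:` differs from the `NSYMB-1` used by every other guard in this patch, and nothing says why. It appears to reserve a second byte for the sign that the `if(c == '+' || c == '-')` branch stores without a check of its own; that branch's body is outside the hunk, so this is inferred. A comment on the check such as `/* room for 'e' and an optional sign */` would keep a later cleanup from "normalising" it to `NSYMB-1` and reopening the overflow.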
if(!isdigit(c))
yyerror("malformed fp constant exponent");
 while(isdigit(c)) {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
}
@@ -921,6 +935,11 @@
if(c1 & Numflt)
return LFCONST;
return LDCONST;
+
+toolong:
+ yyerror("token too long: %.*s...", (int)(cp-symb), symb);
+ errorexit();
+ return -1;
}
/*
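Review bot: The `toolong` diagnostic echoes the whole accumulated token through `%.*s` with `(int)(cp-symb)`, which is close to NSYMB bytes of untrusted source text in a single error line. Whether `yyerror` formats into a bounded buffer is not visible in this diff, so the error path should not depend on it. Capping the echoed prefix, e.g. `yyerror("token too long: %.32s...", symb);` (assuming NSYMB is well above the cap, so that many bytes have been stored), keeps the message short either way. The `return -1;` after `errorexit()` is presumably unreachable, and a `/* not reached */` comment would say so.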
--
⑨