shithub: riscv

Download patch

ref: 83f8d591689cae964ba58fbcf172f6a4fa7003ed
parent: 32e23bdb5939c879f947cd6c0ae423165646180c
author: cinap_lenrek <[email protected]>
date: Mon May 16 18:24:39 EDT 2016

cc: prevent symbol buffer overflow

--- a/sys/src/cmd/cc/lex.c
+++ b/sys/src/cmd/cc/lex.c
@@ -734,6 +734,8 @@
 	 * prefix has been stored
 	 */
 	for(;;) {
+		if(cp >= &symb[NSYMB-UTFmax-1])
+			goto toolong;
 		if(c >= Runeself) {
 			for(c1=0;;) {
 				cp[c1++] = c;
@@ -782,6 +784,8 @@
 	if(c != '0') {
 		c1 |= Numdec;
 		for(;;) {
+			if(cp >= &symb[NSYMB-1])
+				goto toolong;
 			*cp++ = c;
 			c = GETC();
 			if(isdigit(c))
@@ -793,6 +797,8 @@
 	c = GETC();
 	if(c == 'x' || c == 'X')
 		for(;;) {
+			if(cp >= &symb[NSYMB-1])
+				goto toolong;
 			*cp++ = c;
 			c = GETC();
 			if(isdigit(c))
@@ -809,6 +815,8 @@
 		goto dc;
 	for(;;) {
 		if(c >= '0' && c <= '7') {
+			if(cp >= &symb[NSYMB-1])
+				goto toolong;
 			*cp++ = c;
 			c = GETC();
 			continue;
@@ -880,6 +888,8 @@
 
 casedot:
 	for(;;) {
+		if(cp >= &symb[NSYMB-1])
+			goto toolong;
 		*cp++ = c;
 		c = GETC();
 		if(!isdigit(c))
@@ -889,6 +899,8 @@
 		goto caseout;
 
 casee:
+	if(cp >= &symb[NSYMB-2])
+		goto toolong;
 	*cp++ = 'e';
 	c = GETC();
 	if(c == '+' || c == '-') {
@@ -898,6 +910,8 @@
 	if(!isdigit(c))
 		yyerror("malformed fp constant exponent");
 	while(isdigit(c)) {
+		if(cp >= &symb[NSYMB-1])
+			goto toolong;
 		*cp++ = c;
 		c = GETC();
 	}
@@ -921,6 +935,11 @@
 	if(c1 & Numflt)
 		return LFCONST;
 	return LDCONST;
+
+toolong:
+	yyerror("token too long: %.*s...", (int)(cp-symb), symb);
+	errorexit();
+	return -1;
 }
 
 /*