ref: 83f8d591689cae964ba58fbcf172f6a4fa7003ed
parent: 32e23bdb5939c879f947cd6c0ae423165646180c
author: cinap_lenrek <[email protected]>
date: Mon May 16 18:24:39 EDT 2016
cc: prevent symbol buffer overflow
--- a/sys/src/cmd/cc/lex.c
+++ b/sys/src/cmd/cc/lex.c
@@ -734,6 +734,8 @@
* prefix has been stored
*/
for(;;) {
+ if(cp >= &symb[NSYMB-UTFmax-1])
+ goto toolong;
if(c >= Runeself) {
for(c1=0;;) {
cp[c1++] = c;
@@ -782,6 +784,8 @@
if(c != '0') {
c1 |= Numdec;
for(;;) {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
if(isdigit(c))
@@ -793,6 +797,8 @@
c = GETC();
if(c == 'x' || c == 'X')
for(;;) {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
if(isdigit(c))
@@ -809,6 +815,8 @@
goto dc;
for(;;) {
if(c >= '0' && c <= '7') {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
continue;
@@ -880,6 +888,8 @@
casedot:
for(;;) {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
if(!isdigit(c))
@@ -889,6 +899,8 @@
goto caseout;
casee:
+ if(cp >= &symb[NSYMB-2])
+ goto toolong;
*cp++ = 'e';
c = GETC();
if(c == '+' || c == '-') {
@@ -898,6 +910,8 @@
if(!isdigit(c))
yyerror("malformed fp constant exponent");
while(isdigit(c)) {
+ if(cp >= &symb[NSYMB-1])
+ goto toolong;
*cp++ = c;
c = GETC();
}
@@ -921,6 +935,11 @@
if(c1 & Numflt)
return LFCONST;
return LDCONST;
+
+toolong:
+ yyerror("token too long: %.*s...", (int)(cp-symb), symb);
+ errorexit();
+ return -1;
}
/*