Fix possible overflow in scanner Also reduce the size of scanBuf given that it's allocated on the stack, and 1024 is enough. Signed-off-by: Ran Benita <ran234@gmail.com>
diff --git a/src/xkbcomp/parseutils.h b/src/xkbcomp/parseutils.h
index 80a9000..81c4165 100644
--- a/src/xkbcomp/parseutils.h
+++ b/src/xkbcomp/parseutils.h
@@ -37,8 +37,7 @@ struct parser_param {
struct scanner_extra {
char *scanFile;
- /* FIXME: This can overflow! */
- char scanBuf[8192];
+ char scanBuf[1024];
char *s;
};
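Review bot: Nothing at the `scanBuf` declaration records that the new overflow check depends on it being a true array member. The bound that replaces the removed FIXME is computed in xkbscan.l as `sizeof(yyextra->scanBuf)`. If the field is later changed to a pointer to heap storage, the check would silently use the pointer size instead of the buffer capacity. A comment on the field would record the dependency, for example `/* Fixed array: APPEND_S() in xkbscan.l bounds writes with sizeof(scanBuf). */`.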
diff --git a/src/xkbcomp/xkbscan.l b/src/xkbcomp/xkbscan.l
index 9e08a76..276ee8f 100644
--- a/src/xkbcomp/xkbscan.l
+++ b/src/xkbcomp/xkbscan.l
@@ -40,19 +40,21 @@ extern int yyparse(struct parser_param *param);
yylloc->last_line = yylineno; \
}
+#define APPEND_S(ch) do { \
+ if (yyextra->s - yyextra->scanBuf >= sizeof(yyextra->scanBuf) - 1) \
+ return ERROR_TOK; \
+ *yyextra->s++ = ch; \
+} while (0)
+
%}
%option reentrant
%option extra-type="struct scanner_extra *"
%option bison-bridge bison-locations
-%option never-interactive nounistd
-%option case-insensitive
%option yylineno
-%option noyywrap
+%option nounistd noyywrap noinput nounput
%option never-interactive
-%option nowarn
-%option noinput
-%option nounput
+%option case-insensitive
%x S_STR S_KEY
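Review bot: On the full-buffer path `APPEND_S` returns `ERROR_TOK` without writing a terminator, so `scanBuf` can be left with no NUL from the current token. `yyerror` in this file prints `extra->scanBuf` with `%s` when `warningLevel > 3`. If the parser reports the error token through it and the struct was not zero-initialised (neither is visible here), that read can run past the array. At that point `yyextra->s` addresses the last byte, so the branch can terminate in bounds: `{ *yyextra->s = '\0'; return ERROR_TOK; }`. Writing the store as `*yyextra->s++ = (ch);` would also keep the macro safe for expression arguments.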
@@ -88,7 +90,7 @@ extern int yyparse(struct parser_param *param);
return ERROR_TOK;
}
- *yyextra->s++ = result;
+ APPEND_S(result);
}
<S_STR,S_KEY>\\[0-9]+ {
@@ -96,15 +98,15 @@ extern int yyparse(struct parser_param *param);
return ERROR_TOK;
}
-<S_STR,S_KEY>\\n *yyextra->s++ = '\n';
-<S_STR,S_KEY>\\t *yyextra->s++ = '\t';
-<S_STR,S_KEY>\\r *yyextra->s++ = '\r';
-<S_STR,S_KEY>\\b *yyextra->s++ = '\b';
-<S_STR,S_KEY>\\f *yyextra->s++ = '\f';
-<S_STR,S_KEY>\\v *yyextra->s++ = '\v';
-<S_STR,S_KEY>\\e *yyextra->s++ = '\033';
+<S_STR,S_KEY>\\n APPEND_S('\n');
+<S_STR,S_KEY>\\t APPEND_S('\t');
+<S_STR,S_KEY>\\r APPEND_S('\r');
+<S_STR,S_KEY>\\b APPEND_S('\b');
+<S_STR,S_KEY>\\f APPEND_S('\f');
+<S_STR,S_KEY>\\v APPEND_S('\v');
+<S_STR,S_KEY>\\e APPEND_S('\033');
-<S_STR,S_KEY>. *yyextra->s++ = yytext[0];
+<S_STR,S_KEY>. APPEND_S(yytext[0]);
xkb_keymap return XKB_KEYMAP;
xkb_keycodes return XKB_KEYCODES;
@@ -204,7 +206,6 @@ yyerror(YYLTYPE *loc, void *scanner, const char *msg)
if (warningLevel > 3)
fprintf(stderr, "last scanned symbol is: %s\n", extra->scanBuf);
}
- return;
}
int