graphviz/graphviz-2.34.0-CVE-2014-0978-CVE-2014-1235.patch
Jaroslav Škarvada 8a174ca0bb Prevent possible buffer overflow in yyerror()
Resolves: CVE-2014-1235
- Fix possible buffer overflow problem in chkNum of scanner
  Resolves: CVE-2014-1236
2014-01-10 10:28:08 +01:00

41 lines
1.0 KiB
Diff

diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
--- a/lib/cgraph/scan.l
+++ b/lib/cgraph/scan.l
@@ -16,6 +16,7 @@
%{
#include <grammar.h>
#include <cghdr.h>
+#include <agxbuf.h>
#include <ctype.h>
#define GRAPH_EOF_TOKEN '@' /* lex class must be defined below */
/* this is a workaround for linux flex */
@@ -191,13 +192,22 @@ ID ({NAME}|{NUMBER})
%%
void yyerror(char *str)
{
+ unsigned char xbuf[BUFSIZ];
char buf[BUFSIZ];
- if (InputFile)
- sprintf(buf,"%s:%d: %s in line %d near '%s'\n",InputFile, line_num,
- str,line_num,yytext);
- else
- sprintf(buf," %s in line %d near '%s'\n", str,line_num,yytext);
- agerr(AGWARN,buf);
+ agxbuf xb;
+
+ agxbinit(&xb, BUFSIZ, xbuf);
+ if (InputFile) {
+ agxbput (&xb, InputFile);
+ agxbput (&xb, ": ");
+ }
+ agxbput (&xb, str);
+ sprintf(buf," in line %d near '", line_num);
+ agxbput (&xb, buf);
+ agxbput (&xb, yytext);
+ agxbput (&xb,"'\n");
+ agerr(AGWARN,agxbuse(&xb));
+ agxbfree(&xb);
}
/* must be here to see flex's macro defns */
void aglexeof() { unput(GRAPH_EOF_TOKEN); }