8a174ca0bb
Resolves: CVE-2014-1235 - Fix possible buffer overflow problem in chkNum of scanner Resolves: CVE-2014-1236
59 lines
1.6 KiB
Diff
59 lines
1.6 KiB
Diff
From 1d1bdec6318746f6f19f245db589eddc887ae8ff Mon Sep 17 00:00:00 2001
|
|
From: "Emden R. Gansner" <erg@alum.mit.edu>
|
|
Date: Wed, 8 Jan 2014 11:31:04 -0500
|
|
Subject: [PATCH] Fix possible buffer overflow problem in chkNum of scanner.
|
|
|
|
---
|
|
lib/cgraph/scan.l | 35 ++++++++++++++++++++++++++---------
|
|
1 file changed, 26 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
|
|
index 212967c..d065b61 100644
|
|
--- a/lib/cgraph/scan.l
|
|
+++ b/lib/cgraph/scan.l
|
|
@@ -129,15 +129,32 @@ static void ppDirective (void)
|
|
* and report this to the user.
|
|
*/
|
|
static int chkNum(void) {
|
|
- unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */
|
|
- if (!isdigit(c) && (c != '.')) { /* c is letter */
|
|
- char buf[BUFSIZ];
|
|
- sprintf(buf,"syntax error - badly formed number '%s' in line %d of %s\n",yytext,line_num, InputFile);
|
|
- strcat (buf, "splits into two name tokens\n");
|
|
- agerr(AGWARN,buf);
|
|
- return 1;
|
|
- }
|
|
- else return 0;
|
|
+ unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */
|
|
+ if (!isdigit(c) && (c != '.')) { /* c is letter */
|
|
+ unsigned char xbuf[BUFSIZ];
|
|
+ char buf[BUFSIZ];
|
|
+ agxbuf xb;
|
|
+ char* fname;
|
|
+
|
|
+ if (InputFile)
|
|
+ fname = InputFile;
|
|
+ else
|
|
+ fname = "input";
|
|
+
|
|
+ agxbinit(&xb, BUFSIZ, xbuf);
|
|
+
|
|
+ agxbput(&xb,"syntax ambiguity - badly delimited number '");
|
|
+ agxbput(&xb,yytext);
|
|
+ sprintf(buf,"' in line %d of ", line_num);
|
|
+ agxbput(&xb,buf);
|
|
+ agxbput(&xb,fname);
|
|
+ agxbput(&xb, " splits into two tokens\n");
|
|
+ agerr(AGWARN,agxbuse(&xb));
|
|
+
|
|
+ agxbfree(&xb);
|
|
+ return 1;
|
|
+ }
|
|
+ else return 0;
|
|
}
|
|
|
|
/* The LETTER class below consists of ascii letters, underscore, all non-ascii
|
|
--
|
|
1.8.5.1
|
|
|