From 7e135b9313ad06218dfcf9ed63070edede7745a1 Mon Sep 17 00:00:00 2001
From: Christian Egli
Date: Thu, 31 May 2018 12:08:56 +0200
Subject: [PATCH] Fix yet another buffer overflow in the braille table parser

Reported by Edward-L
Fixes #582

diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
index 777e1da..b6bd010 100644
--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -2855,6 +2855,10 @@ compilePassOpcode (FileInfo * nested, TranslationTableOpcode opcode)
 passLinepos = 0;
 while (passLinepos <= endTest)
 {
+ if (passIC >= MAXSTRING) {
+ compileError(passNested, "Test part in multipass operand too long");
+ return 0;
+ }
 switch ((passSubOp = passLine.chars[passLinepos]))
 {
 case pass_lookback:
@@ -3050,6 +3054,10 @@ compilePassOpcode (FileInfo * nested, TranslationTableOpcode opcode)
 while (passLinepos < passLine.length && passLine.chars[passLinepos] > 32)
 {
+ if (passIC >= MAXSTRING) {
+ compileError(passNested, "Action part in multipass operand too long");
+ return 0;
+ }
 switch ((passSubOp = passLine.chars[passLinepos]))
 {
 case pass_string:
@@ -3077,8 +3085,15 @@ compilePassOpcode (FileInfo * nested, TranslationTableOpcode opcode)
 if (passHoldString.length == 0)
 return 0;
 passInstructions[passIC++] = passHoldString.length;
- for (kk = 0; kk < passHoldString.length; kk++)
+ for (kk = 0; kk < passHoldString.length; kk++)
+ {
+ if (passIC >= MAXSTRING)
+ {
+ compileError(passNested, "@ operand in action part of multipass operand too long");
+ return 0;
+ }
 passInstructions[passIC++] = passHoldString.chars[kk];
+ }
 break;
 case pass_variable:
 passLinepos++;
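Review bot: The `passIC >= MAXSTRING` guard at the top of the test-part loop (first hunk) runs once per iteration, so it bounds only the first store into `passInstructions` made by whichever case is taken; the action-part guard in the second hunk has the same limit. The case bodies lie outside both hunks, but the third hunk shows that one case can append a length and then a run of characters. Any case that appends more than one entry per iteration, in particular a test-part string or dots copy, would presumably still be able to write past the end. Each multi-entry copy loop should carry its own check, as the third hunk does, or every `passInstructions[passIC++] = ...` store should go through one small checked append helper. This also assumes `passInstructions` has exactly `MAXSTRING` entries, which is declared elsewhere in the file.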
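Review bot: In the third hunk the store `passInstructions[passIC++] = passHoldString.length;` just before the new loop is still unchecked. It is safe only if nothing else was appended earlier in the same iteration after the top-of-loop guard, and the start of this case is outside the hunk, so that cannot be confirmed here. A single test before that store would cover the length slot and all the characters at once: `if (passHoldString.length >= MAXSTRING - passIC)` in front of the existing `compileError`/`return 0` pair. That form assumes signed arithmetic and the operand types should be checked against their declarations. Separately, the new block uses braces on their own lines while the first two hunks use `if (...) {`; one style within the patch would read better.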