|
1 From 1d1bdec6318746f6f19f245db589eddc887ae8ff Mon Sep 17 00:00:00 2001 |
|
2 From: "Emden R. Gansner" <[email protected]> |
|
3 Date: Wed, 8 Jan 2014 11:31:04 -0500 |
|
4 Subject: [PATCH] Fix possible buffer overflow problem in chkNum of scanner. |
|
5 |
|
6 --- |
|
7 lib/cgraph/scan.l | 35 ++++++++++++++++++++++++++--------- |
|
8 1 file changed, 26 insertions(+), 9 deletions(-) |
|
9 |
|
10 diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l |
|
11 index 212967c..d065b61 100644 |
|
12 --- a/lib/cgraph/scan.l |
|
13 +++ b/lib/cgraph/scan.l |
|
14 @@ -129,15 +129,32 @@ static void ppDirective (void) |
|
15 * and report this to the user. |
|
16 */ |
|
17 static int chkNum(void) { |
|
18 - unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */ |
|
19 - if (!isdigit(c) && (c != '.')) { /* c is letter */ |
|
20 - char buf[BUFSIZ]; |
|
21 - sprintf(buf,"syntax error - badly formed number '%s' in line %d of %s\n",yytext,line_num, InputFile); |
|
22 - strcat (buf, "splits into two name tokens\n"); |
|
23 - agerr(AGWARN,buf); |
|
24 - return 1; |
|
25 - } |
|
26 - else return 0; |
|
27 + unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */ |
|
28 + if (!isdigit(c) && (c != '.')) { /* c is letter */ |
|
29 + unsigned char xbuf[BUFSIZ]; |
|
30 + char buf[BUFSIZ]; |
|
31 + agxbuf xb; |
|
32 + char* fname; |
|
33 + |
|
34 + if (InputFile) |
|
35 + fname = InputFile; |
|
36 + else |
|
37 + fname = "input"; |
|
38 + |
|
39 + agxbinit(&xb, BUFSIZ, xbuf); |
|
40 + |
|
41 + agxbput(&xb,"syntax ambiguity - badly delimited number '"); |
|
42 + agxbput(&xb,yytext); |
|
43 + sprintf(buf,"' in line %d of ", line_num); |
|
44 + agxbput(&xb,buf); |
|
45 + agxbput(&xb,fname); |
|
46 + agxbput(&xb, " splits into two tokens\n"); |
|
47 + agerr(AGWARN,agxbuse(&xb)); |
|
48 + |
|
49 + agxbfree(&xb); |
|
50 + return 1; |
|
51 + } |
|
52 + else return 0; |
|
53 } |
|
54 |
|
55 /* The LETTER class below consists of ascii letters, underscore, all non-ascii |
|
56 |