[hackers] [scc] Remove buffer overflow in expand() || Roberto E. Vargas Caballero
commit 21c1937146f4b5acc6e3a5a695116419f19554ad
Author: Roberto E. Vargas Caballero <k0ga_AT_shike2.com>
AuthorDate: Fri Jul 17 22:24:22 2015 +0200
Commit: Roberto E. Vargas Caballero <k0ga_AT_shike2.com>
CommitDate: Fri Jul 17 22:24:22 2015 +0200
Remove buffer overflow in expand()
Macro expansions are done by replacing the macro invocation
by the macro expansion. It means that the size of the line
is different after the operation, but there was no check
of this new size.
diff --git a/cc1/cpp.c b/cc1/cpp.c
index 4df8244..a1f548f 100644
--- a/cc1/cpp.c
+++ b/cc1/cpp.c
_AT_@ -210,12 +210,16 @@ print_subs:
fprintf(stderr, "macro '%s' expanded to :'%s'\n", macroname, buffer);
len = strlen(buffer);
+ if (begin - input->line + len >= LINESIZ-1)
+ error("macro expansion too long");
+
/* cut macro invocation */
memmove(begin, input->p, input->p - begin);
- memmove(begin + len, begin, len);
/* paste macro expansion */
+ memmove(begin + len, begin, len);
memcpy(begin, buffer, len);
+
input->p = input->begin = begin;
return 1;
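Review bot: The new bound in `if (begin - input->line + len >= LINESIZ-1)` covers only the text before the invocation plus the expansion, not the remainder of the line that has to follow the expansion. The later `memmove(begin + len, begin, len)` writes up to `begin + 2*len`, which this check does not limit, so a line can pass the test and still be written past `LINESIZ` (assuming, as the check implies, that `input->line` is a `LINESIZ` buffer). Consider adding the tail length, for example `strlen(input->p)` plus the terminating NUL, to the comparison. The two `memmove` lengths (`input->p - begin` and `len`) are the invocation and expansion sizes rather than the tail size, so a single move of the tail from `input->p` to `begin + len` using the tail length would make the copy agree with the bound. If `error()` can return instead of aborting, the copies still run after the message, so an explicit return after it would make the guard effective either way.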
Received on Fri Jul 17 2015 - 22:26:29 CEST