Skip to content

Commit 1d1bdec

Browse files
committed
Fix possible buffer overflow problem in chkNum of scanner.
1 parent 780d605 commit 1d1bdec

File tree

1 file changed

+26
-9
lines changed

1 file changed

+26
-9
lines changed

Diff for: lib/cgraph/scan.l

+26-9
Original file line numberDiff line numberDiff line change
@@ -129,15 +129,32 @@ static void ppDirective (void)
129129
* and report this to the user.
130130
*/
131131
static int chkNum(void) {
132-
unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */
133-
if (!isdigit(c) && (c != '.')) { /* c is letter */
134-
char buf[BUFSIZ];
135-
sprintf(buf,"syntax error - badly formed number '%s' in line %d of %s\n",yytext,line_num, InputFile);
136-
strcat (buf, "splits into two name tokens\n");
137-
agerr(AGWARN,buf);
138-
return 1;
139-
}
140-
else return 0;
132+
unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */
133+
if (!isdigit(c) && (c != '.')) { /* c is letter */
134+
unsigned char xbuf[BUFSIZ];
135+
char buf[BUFSIZ];
136+
agxbuf xb;
137+
char* fname;
138+
139+
if (InputFile)
140+
fname = InputFile;
141+
else
142+
fname = "input";
143+
144+
agxbinit(&xb, BUFSIZ, xbuf);
145+
146+
agxbput(&xb,"syntax ambiguity - badly delimited number '");
147+
agxbput(&xb,yytext);
148+
sprintf(buf,"' in line %d of ", line_num);
149+
agxbput(&xb,buf);
150+
agxbput(&xb,fname);
151+
agxbput(&xb, " splits into two tokens\n");
152+
agerr(AGWARN,agxbuse(&xb));
153+
154+
agxbfree(&xb);
155+
return 1;
156+
}
157+
else return 0;
141158
}
142159

143160
/* The LETTER class below consists of ascii letters, underscore, all non-ascii

0 commit comments

Comments
 (0)