Browse files

Fix possible buffer overflow problem in chkNum of scanner.

  • Loading branch information...
1 parent 780d605 commit 1d1bdec6318746f6f19f245db589eddc887ae8ff @emdenrg emdenrg committed Jan 8, 2014
Showing with 26 additions and 9 deletions.
  1. +26 −9 lib/cgraph/scan.l
View
35 lib/cgraph/scan.l
@@ -129,15 +129,32 @@ static void ppDirective (void)
* and report this to the user.
*/
static int chkNum(void) {
- unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */
- if (!isdigit(c) && (c != '.')) { /* c is letter */
- char buf[BUFSIZ];
- sprintf(buf,"syntax error - badly formed number '%s' in line %d of %s\n",yytext,line_num, InputFile);
- strcat (buf, "splits into two name tokens\n");
- agerr(AGWARN,buf);
- return 1;
- }
- else return 0;
+ unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */
+ if (!isdigit(c) && (c != '.')) { /* c is letter */
+ unsigned char xbuf[BUFSIZ];
+ char buf[BUFSIZ];
+ agxbuf xb;
+ char* fname;
+
+ if (InputFile)
+ fname = InputFile;
+ else
+ fname = "input";
+
+ agxbinit(&xb, BUFSIZ, xbuf);
+
+ agxbput(&xb,"syntax ambiguity - badly delimited number '");
+ agxbput(&xb,yytext);
+ sprintf(buf,"' in line %d of ", line_num);
+ agxbput(&xb,buf);
+ agxbput(&xb,fname);
+ agxbput(&xb, " splits into two tokens\n");
+ agerr(AGWARN,agxbuse(&xb));
+
+ agxbfree(&xb);
+ return 1;
+ }
+ else return 0;
}
/* The LETTER class below consists of ascii letters, underscore, all non-ascii

0 comments on commit 1d1bdec

Please sign in to comment.