Skip to content

Commit

Permalink
parse.y: string buffer (tokbuf) can overflow.
Browse files Browse the repository at this point in the history 
Check if `esclen` is smaller than `len` (original string length).
  • Loading branch information
@matz
matz committed Feb 13, 2021
1 parent adb50df commit 94fb86f
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions mrbgems/mruby-compiler/core/parse.y
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4682,6 +4682,7 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf)
start = 0;
while (start < len) {
end = escaped ? (size_t)escaped->car : len;
if (end > len) end = len;
spaces = (size_t)nspaces->car;
size_t esclen = end - start;
heredoc_count_indent(hinf, str + start, esclen, spaces, &offset);
Expand Down
1 change: 1 addition & 0 deletions mrbgems/mruby-compiler/core/y.tab.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10718,6 +10718,7 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf)
start = 0;
while (start < len) {
end = escaped ? (size_t)escaped->car : len;
if (end > len) end = len;
spaces = (size_t)nspaces->car;
size_t esclen = end - start;
heredoc_count_indent(hinf, str + start, esclen, spaces, &offset);
Expand Down

0 comments on commit 94fb86f

Please sign in to comment.