haskal
/
kicad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix security issue (buffer overrun).

This commit is contained in:
Jeff Young 2020-07-18 11:40:56 +01:00
parent 49d242944d
commit bcb29b6bf8
2 changed files with 29 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common/libeval_compiler/libeval_compiler.cpp
View File

@ -281,7 +281,7 @@ bool COMPILER::lexString( COMPILER::T_TOKEN& aToken )
//printf("STR LIT '%s'\n", (const char *)str.c_str() );
aToken.token = G_STRING;
strcpy( aToken.value.value.str, str.c_str() );
snprintf( aToken.value.value.str, LIBEVAL_MAX_LITERAL_LENGTH, "%s", str.c_str() );
m_tokenizer.NextChar( str.length() + 1 );
m_lexerState = LS_DEFAULT;
@ -381,7 +381,7 @@ bool COMPILER::lexDefault( COMPILER::T_TOKEN& aToken )
// VALUE
extractNumber();
retval.token = G_VALUE;
strcpy( retval.value.value.str, current.c_str() );
snprintf( retval.value.value.str, LIBEVAL_MAX_LITERAL_LENGTH, "%s", current.c_str() );
}
else if( ( convertFrom = resolveUnits() ) >= 0 )
{
@ -410,7 +410,7 @@ bool COMPILER::lexDefault( COMPILER::T_TOKEN& aToken )
//printf("id '%s'\n", (const char *) current.c_str() );
fflush( stdout );
retval.token = G_IDENTIFIER;
strcpy( retval.value.value.str, current.c_str() );
snprintf( retval.value.value.str, LIBEVAL_MAX_LITERAL_LENGTH, "%s", current.c_str() );
m_tokenizer.NextChar( current.length() );
}
else if( m_tokenizer.MatchAhead( "==", []( int c ) -> bool { return c != '='; } ) )

9
include/libeval_compiler/libeval_compiler.h
View File

@ -102,6 +102,7 @@ struct TREE_NODE
char str[LIBEVAL_MAX_LITERAL_LENGTH];
int type;
} value;
int op;
TREE_NODE* leaf[2];
UOP* uop;
@ -109,11 +110,12 @@ struct TREE_NODE
bool isTerminal;
};
static inline TREE_NODE* copyNode( TREE_NODE& t )
{
auto t2 = new TREE_NODE();
t2->valid = t.valid;
strcpy(t2->value.str, t.value.str);
snprintf( t2->value.str, LIBEVAL_MAX_LITERAL_LENGTH, "%s", t.value.str );
t2->op = t.op;
t2->value.type = t.value.type;
t2->leaf[0] = t.leaf[0];
@ -124,12 +126,11 @@ static inline TREE_NODE* copyNode( TREE_NODE& t )
}
static inline TREE_NODE* newNode( int op, int type, std::string value )
static inline TREE_NODE* newNode( int op, int type, const std::string& value )
{
auto t2 = new TREE_NODE();
t2->valid = true;
strcpy(t2->value.str, value.c_str());
snprintf( t2->value.str, LIBEVAL_MAX_LITERAL_LENGTH, "%s", value.c_str() );
t2->op = op;
t2->value.type = type;
t2->leaf[0] = nullptr;