Fix buffer overflow in preproc.c (BR 1942146)

Fix buffer overflow in preproc.c due to an incorrect test.  In the
code:

        for (r = p, s = ourcopy; *r; r++) {
	    if (r >= p+MAX_KEYWORD)
	    	return tokval->t_type = TOKEN_ID; /* Not a keyword */
            *s++ = tolower(*r);
	    }
        *s = '\0';

... the test really needs to be >= since for the pass where they are
equal:

a) a nonzero byte means we have > MAX_KEYWORD characters, and
b) s = ourcopy+MAX_KEYWORD; but if the test doesn't trigger,
   we can write one more character *plus* the null byte, overflowing
   ourcopy.
This commit is contained in:
Philipp Thomas 2008-05-21 08:53:21 -07:00 committed by H. Peter Anvin
parent 18c3ce2517
commit 76ec8e73db

@ -1074,7 +1074,7 @@ static int ppscan(void *private_data, struct tokenval *tokval)
}
for (r = p, s = ourcopy; *r; r++) {
if (r > p+MAX_KEYWORD)
if (r >= p+MAX_KEYWORD)
return tokval->t_type = TOKEN_ID; /* Not a keyword */
*s++ = tolower(*r);
}
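
Review bot: the bound on the `if (r >= p+MAX_KEYWORD)` line is still expressed in terms of the source pointer `r`, so the loop is only safe if `ourcopy` holds at least MAX_KEYWORD+1 bytes, and nothing in this hunk states or enforces that. Consider checking the destination directly (for example `if (s >= ourcopy + MAX_KEYWORD)`, or a `sizeof`-based limit if `ourcopy` is an array), or at least adding a comment beside the loop recording the required size, so that a later change to MAX_KEYWORD or to the buffer cannot quietly reintroduce the off-by-one. A smaller point on `*s++ = tolower(*r);`: if `r` is a plain `char` pointer, a byte with the high bit set reaches `tolower` as a negative value, which is undefined; a cast to `unsigned char` avoids that.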