diff files.c @ 203:3a25180d3a5c

Abort on line numbering or column numbering overflow. Line numbers are limited to values that fit in "unsigned int". Also reject input lines longer than 2^32-1 characters. It seems reasonable to presume that any input that violates these constraints is someone screwing around and not a serious attempt to compile or preprocess anything useful. Done in response to n2129, but without getting into any of the silliness found there.
author David A. Holland
date Tue, 01 Aug 2017 14:51:04 -0400
parents 1d2bad7151f9
children
--- a/files.c	Thu Dec 15 23:53:13 2016 -0500
+++ b/files.c	Tue Aug 01 14:51:04 2017 -0400
@@ -163,6 +163,10 @@
 	for (i=start; i<limit; i++) {
 		if (buf[i] == '\n') {
 			count++;
+			if (count == 0) {
+				/* just return the max and error downstream */
+				return count - 1;
+			}
 		}
 	}
 	return count;
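Review bot: The wrap test `if (count == 0)` is only well defined if `count` is an unsigned type, and its declaration is outside the hunk (the function starts above the visible lines). If it were signed, the `count++` overflow would be undefined behaviour and the compiler could delete the test. The sentinel from `return count - 1;` also aborts only if the consumer rejects it, presumably `place_addlines` as used in the last hunk, whose overflow check is not visible here. I would spell that contract out in the comment, e.g. `/* count is unsigned and wrapped to 0: return its max so place_addlines() detects overflow and aborts */`.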
@@ -209,6 +213,12 @@
 				/* need bigger buffer */
 				buf = dorealloc(buf, bufmax, bufmax*2);
 				bufmax = bufmax*2;
+				/* just in case someone's screwing around */
+				if (bufmax > 0xffffffff) {
+					complain(&places.current,
+						 "Input line too long");
+					die();
+				}
 			}
 
 			if (ateof) {
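Review bot: The new length check sits after `dorealloc(buf, bufmax, bufmax*2)` and after `bufmax = bufmax*2`, so it cannot stop the multiplication itself from wrapping. The declaration of `bufmax` is outside the hunk; if it is `size_t` on a target with a 32-bit `size_t`, `bufmax > 0xffffffff` is always false and `bufmax*2` can wrap to a small value. That would leave the buffer smaller than the surrounding code assumes unless `dorealloc` rejects it. On 64-bit targets the check fires, but only after a buffer of more than 4 GiB has been requested. Testing before growing avoids both problems: put `if (bufmax > SIZE_MAX / 2 || bufmax * 2 > 0xffffffff)` with the same `complain`/`die()` body ahead of the `dorealloc` call.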
@@ -231,7 +241,7 @@
 				/* eof in middle of line */
 				ateof = true;
 				ptmp = places.current;
-				ptmp.column += bufend - linestart;
+				place_addcolumns(&ptmp, bufend - linestart);
 				if (buf[bufend - 1] == '\n') {
 					complain(&ptmp, "Unclosed comment");
 					complain_fail();
@@ -257,7 +267,7 @@
 		assert(buf[lineend] == '\n');
 		buf[lineend] = '\0';
 		nextlinestart = lineend+1;
-		places.nextline.line++;
+		place_addlines(&places.nextline, 1);
 
 		/* check for CR/NL */
 		if (lineend > 0 && buf[lineend-1] == '\r') {
@@ -284,7 +294,8 @@
 		assert(buf[lineend] == '\0');
 
 		/* count how many commented-out newlines we swallowed */
-		places.nextline.line += countnls(buf, linestart, lineend);
+		place_addlines(&places.nextline,
+			       countnls(buf, linestart, lineend));
 
 		/* process the line (even if it's empty) */
 		directive_gotline(&places, buf+linestart, lineend-linestart);