diff options
| author | Yukihiro "Matz" Matsumoto <[email protected]> | 2021-02-13 14:06:37 +0900 |
|---|---|---|
| committer | Yukihiro "Matz" Matsumoto <[email protected]> | 2021-02-13 14:06:37 +0900 |
| commit | 94fb86f89b131814201596d301f584dfe4547526 (patch) | |
| tree | 02ec7cfd84cf600196dd71f8de46f17cda59e7ec /mrbgems | |
| parent | adb50df71a4e5c45cdf9c626fb90f95ef2d10b13 (diff) | |
| download | mruby-94fb86f89b131814201596d301f584dfe4547526.tar.gz mruby-94fb86f89b131814201596d301f584dfe4547526.zip | |
parse.y: string buffer (`tokbuf`) can overflow.
Check if `esclen` is smaller than `len` (original string length).
Diffstat (limited to 'mrbgems')
| -rw-r--r-- | mrbgems/mruby-compiler/core/parse.y | 1 | ||||
| -rw-r--r-- | mrbgems/mruby-compiler/core/y.tab.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/mrbgems/mruby-compiler/core/parse.y b/mrbgems/mruby-compiler/core/parse.y index 1a97b3ec6..56b9bb38a 100644 --- a/mrbgems/mruby-compiler/core/parse.y +++ b/mrbgems/mruby-compiler/core/parse.y @@ -4682,6 +4682,7 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf) start = 0; while (start < len) { end = escaped ? (size_t)escaped->car : len; + if (end > len) end = len; spaces = (size_t)nspaces->car; size_t esclen = end - start; heredoc_count_indent(hinf, str + start, esclen, spaces, &offset); diff --git a/mrbgems/mruby-compiler/core/y.tab.c b/mrbgems/mruby-compiler/core/y.tab.c index 6c7940a7b..0ba1c8d7f 100644 --- a/mrbgems/mruby-compiler/core/y.tab.c +++ b/mrbgems/mruby-compiler/core/y.tab.c @@ -10718,6 +10718,7 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf) start = 0; while (start < len) { end = escaped ? (size_t)escaped->car : len; + if (end > len) end = len; spaces = (size_t)nspaces->car; size_t esclen = end - start; heredoc_count_indent(hinf, str + start, esclen, spaces, &offset); |