>From ddb9ec59ec0388273bc53ea1c3a36a3ed93ea996 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Thu, 17 Oct 2019 11:35:48 -0700 Subject: [PATCH 07/11] bison: check for int overflow in token numbers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * src/symtab.c: Include intprops.h (symbol_user_token_number_set): Don’t allow user_token_number == INT_MAX because too much other code adds 1 to the user token number. (symbols_token_translations_init): Complain on integer overflow instead of indulging in undefined behavior. --- src/symtab.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/symtab.c b/src/symtab.c index f2454725..a619d177 100644 --- a/src/symtab.c +++ b/src/symtab.c @@ -30,6 +30,7 @@ #include "complain.h" #include "getargs.h" #include "gram.h" +#include "intprops.h" #include "quote.h" @@ -549,6 +550,9 @@ symbol_user_token_number_set (symbol *sym, int user_token_number, location loc) && *user_token_numberp != user_token_number) complain (&loc, complaint, _("redefining user token number of %s"), sym->tag); + else if (user_token_number == INT_MAX) + complain (&loc, complaint, _("user token number of %s too large"), + sym->tag); else { *user_token_numberp = user_token_number; @@ -1005,7 +1009,11 @@ symbols_token_translations_init (void) { sym_content *this = symbols[i]->content; if (this->user_token_number == USER_NUMBER_UNDEFINED) - this->user_token_number = ++max_user_token_number; + { + if (INT_ADD_WRAPV (max_user_token_number, 1, &max_user_token_number)) + complain (NULL, fatal, _("token number too large")); + this->user_token_number = max_user_token_number; + } if (this->user_token_number > max_user_token_number) max_user_token_number = this->user_token_number; } -- 2.21.0