Buffer overrun when syntax fragment contains no terminating newline.
From: John Darrington
Subject: Buffer overrun when syntax fragment contains no terminating newline.
Date: Sat, 29 Sep 2018 16:26:28 +0200
User-agent: NeoMutt/20170113 (1.7.2)

I've just pushed a change fixing some sporadic crashes in the gui.
The bug (which took a bit of tracking down) turned out to be caused by
a buffer overrun in lexer.c (lex_source_get_). In particular, we have
the code:

    const char *newline = rawmemchr (line, '\n');

But the documentation for rawmemchr says that it's unpredictable if
line does not contain a '\n'.
So this means our syntax parser can crash if we present it with a
fragment which is not newline terminated. I wasn't aware that we
had such a limitation. Does this need to be fixed, or at least
explicitly documented?
J'
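
A bounded alternative to the rawmemchr call quoted above, as an added example that is not part of the original message and not code from lexer.c. The names next_line, count_lines and sample are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Result of scanning one line inside a bounded buffer. */
struct line_span {
  size_t length;    /* Bytes in the line, including '\n' if present. */
  int terminated;   /* 1 if the line ends in '\n', 0 otherwise. */
};

/* Hypothetical helper, not taken from lexer.c.  Finds the first line in
   BUF[0..LEN).  memchr stops after LEN bytes, so a fragment without a
   newline yields terminated == 0 rather than a read past the buffer. */
static struct line_span
next_line (const char *buf, size_t len)
{
  struct line_span span = { len, 0 };
  const char *newline = memchr (buf, '\n', len);
  if (newline != NULL) {
    span.length = (size_t) (newline - buf) + 1;
    span.terminated = 1;
  }
  return span;
}

/* Walks a fragment line by line and returns the number of lines seen.
   Sets *UNTERMINATED to 1 if the final line had no '\n'. */
static size_t
count_lines (const char *buf, size_t len, int *unterminated)
{
  size_t n_lines = 0;
  *unterminated = 0;
  for (size_t ofs = 0; ofs < len; n_lines++) {
    struct line_span span = next_line (buf + ofs, len - ofs);
    ofs += span.length;
    *unterminated = !span.terminated;
  }
  return n_lines;
}

/* Constructed sample: two lines, the second with no trailing newline
   and no NUL terminator (the array holds exactly these 9 bytes). */
static const char sample[] = { 'O','N','E','.','\n','T','W','O','.' };

int
main (void)
{
  int unterminated;
  size_t n = count_lines (sample, sizeof sample, &unterminated);
  return (n == 2 && unterminated == 1) ? 0 : 1;
}
```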