scc

Simple C99 Compiler
Log | Files | Refs | README | LICENSE

commit a0e6b9b6b4c4e454201dc18fd04db414f11cd36e
parent 6cbfe36885806fff34fd3d6c0f22d439e9321dc7
Author: Roberto E. Vargas Caballero <k0ga@shike2.com>
Date:   Thu, 12 Mar 2015 19:16:01 +0000

Avoid memory corruption in cc2

we were taking a value of the user and using it as index of an array without
checking that the value was correct.

Diffstat:
cc2/parser.c | 3++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cc2/parser.c b/cc2/parser.c @@ -398,12 +398,13 @@ expression(char *token) { Node *np; void (*fun)(char *); + unsigned c; if (!curfun) error(ESYNTAX); do { - if ((fun = optbl[token[0]]) == NULL) + if ((c = token[0]) > 0x1f || (fun = optbl[c]) == NULL) error(ESYNTAX); (*fun)(token); } while (token = strtok(NULL, "\t"));