Fixed stack overflow in CPPextension function. An arbitrary size buffer was being used for extension name. Changed it to use MAX_SYMBOL_NAME_LEN.
- Also formalized the values for MAX_SYMBOL_NAME_LEN and MAX_STRING_LEN. They were being used as if there was a confusion whether it included the NULL terminator or not.
- Fixed some minor issues with code related to the usage of MAX_SYMBOL_NAME_LEN and MAX_STRING_LEN.
BUG=59625 (crbug.com)
Review URL: http://codereview.appspot.com/2585042
git-svn-id: https://angleproject.googlecode.com/svn/trunk@464 736b8ea6-26fd-11df-bfd4-992fa37f6226
diff --git a/src/compiler/preprocessor/cpp.c b/src/compiler/preprocessor/cpp.c
index f15c56d..e73e314 100644
--- a/src/compiler/preprocessor/cpp.c
+++ b/src/compiler/preprocessor/cpp.c
@@ -670,7 +670,7 @@
{
int token = cpp->currentInput->scan(cpp->currentInput, yylvalpp);
- char extensionName[80];
+ char extensionName[MAX_SYMBOL_NAME_LEN + 1];
if(token=='\n'){
DecLineNumber();
@@ -682,7 +682,8 @@
if (token != CPP_IDENTIFIER)
CPPErrorToInfoLog("#extension");
- strcpy(extensionName, GetAtomString(atable, yylvalpp->sc_ident));
+ strncpy(extensionName, GetAtomString(atable, yylvalpp->sc_ident), MAX_SYMBOL_NAME_LEN);
+ extensionName[MAX_SYMBOL_NAME_LEN] = '\0';
token = cpp->currentInput->scan(cpp->currentInput, yylvalpp);
if (token != ':') {
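Review bot: The `token != CPP_IDENTIFIER` branch at the top of this hunk only logs and then falls through to the copy, so `yylvalpp->sc_ident` is passed to GetAtomString even when the scanner did not return an identifier. Whether GetAtomString tolerates a stale or unset atom is not visible here, so returning right after the log would be safer, e.g. `if (token != CPP_IDENTIFIER) { CPPErrorToInfoLog("#extension"); return token; }`, adjusted to whatever the function returns on its other error paths. The bounded copy itself is correct for a `MAX_SYMBOL_NAME_LEN + 1` buffer; a comment such as `// extensionName holds MAX_SYMBOL_NAME_LEN chars plus the terminator; longer names are truncated` would record why strncpy is paired with an explicit terminator. The function starts and ends outside the hunk.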
diff --git a/src/compiler/preprocessor/scanner.c b/src/compiler/preprocessor/scanner.c
index c9fc2fa..6dc1797 100644
--- a/src/compiler/preprocessor/scanner.c
+++ b/src/compiler/preprocessor/scanner.c
@@ -45,6 +45,7 @@
// scanner.c
//
+#include <assert.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@@ -52,7 +53,7 @@
#if 0
#include <ieeefp.h>
- #else
+#else
#define isinff(x) (((*(int *)&(x) & 0x7f800000L)==0x7f800000L) && \
((*(int *)&(x) & 0x007fffffL)==0000000000L))
#endif
@@ -133,38 +134,38 @@
*/
static int str_getch(StringInputSrc *in)
{
- for(;;){
- if (*in->p){
- if (*in->p == '\n') {
+ for(;;){
+ if (*in->p){
+ if (*in->p == '\n') {
in->base.line++;
IncLineNumber();
}
return *in->p++;
- }
- if(++(cpp->PaWhichStr) < cpp->PaArgc){
- free(in);
- SetStringNumber(cpp->PaWhichStr);
- SetLineNumber(1);
- ScanFromString(cpp->PaArgv[cpp->PaWhichStr]);
- in=(StringInputSrc*)cpp->currentInput;
- continue;
- }
- else{
- cpp->currentInput = in->base.prev;
- cpp->PaWhichStr=0;
+ }
+ if(++(cpp->PaWhichStr) < cpp->PaArgc){
+ free(in);
+ SetStringNumber(cpp->PaWhichStr);
+ SetLineNumber(1);
+ ScanFromString(cpp->PaArgv[cpp->PaWhichStr]);
+ in=(StringInputSrc*)cpp->currentInput;
+ continue;
+ }
+ else{
+ cpp->currentInput = in->base.prev;
+ cpp->PaWhichStr=0;
free(in);
return EOF;
}
- }
+ }
} // str_getch
static void str_ungetch(StringInputSrc *in, int ch, yystypepp *type) {
if (in->p[-1] == ch)in->p--;
- else {
- *(in->p)='\0'; //this would take care of shifting to the previous string.
- cpp->PaWhichStr--;
- }
- if (ch == '\n') {
+ else {
+ *(in->p)='\0'; //this would take care of shifting to the previous string.
+ cpp->PaWhichStr--;
+ }
+ if (ch == '\n') {
in->base.line--;
DecLineNumber();
}
@@ -173,9 +174,9 @@
int ScanFromString(const char *s)
{
- StringInputSrc *in = malloc(sizeof(StringInputSrc));
+ StringInputSrc *in = malloc(sizeof(StringInputSrc));
memset(in, 0, sizeof(StringInputSrc));
- in->p = s;
+ in->p = s;
in->base.line = 1;
in->base.scan = byte_scan;
in->base.getch = (int (*)(InputSrc *, yystypepp *))str_getch;
@@ -223,7 +224,7 @@
}
rv = (float)val;
if (isinff(rv)) {
- CPPErrorToInfoLog(" ERROR___FP_CONST_OVERFLOW");
+ CPPErrorToInfoLog(" ERROR___FP_CONST_OVERFLOW");
}
return rv;
} // lBuildFloatValue
@@ -244,10 +245,10 @@
HasDecimal = 0;
declen = 0;
exp = 0;
-
+
str_len=len;
if (ch == '.') {
- str[len++]=ch;
+ str[len++]=ch;
HasDecimal = 1;
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
while (ch >= '0' && ch <= '9') {
@@ -269,20 +270,20 @@
if (ch == 'e' || ch == 'E') {
ExpSign = 1;
- str[len++]=ch;
+ str[len++]=ch;
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
if (ch == '+') {
str[len++]=ch;
- ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
+ ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
} else if (ch == '-') {
ExpSign = -1;
- str[len++]=ch;
+ str[len++]=ch;
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
}
if (ch >= '0' && ch <= '9') {
while (ch >= '0' && ch <= '9') {
exp = exp*10 + ch - '0';
- str[len++]=ch;
+ str[len++]=ch;
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
}
} else {
@@ -293,7 +294,7 @@
if (len == 0) {
lval = 0.0f;
- strcpy(str,"0.0");
+ strcpy(str,"0.0");
} else {
str[len]='\0';
lval = lBuildFloatValue(str, str_len, exp - declen);
@@ -320,21 +321,21 @@
for (;;) {
yylvalpp->sc_int = 0;
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
-
+
while (ch == ' ' || ch == '\t' || ch == '\r') {
yylvalpp->sc_int = 1;
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
}
-
+
cpp->ltokenLoc.file = cpp->currentInput->name;
cpp->ltokenLoc.line = cpp->currentInput->line;
len = 0;
switch (ch) {
default:
- return ch; // Single character token
+ return ch; // Single character token
case EOF:
return -1;
- case 'A': case 'B': case 'C': case 'D': case 'E':
+ case 'A': case 'B': case 'C': case 'D': case 'E':
case 'F': case 'G': case 'H': case 'I': case 'J':
case 'K': case 'L': case 'M': case 'N': case 'O':
case 'P': case 'Q': case 'R': case 'S': case 'T':
@@ -348,18 +349,14 @@
case 'z':
do {
if (len < MAX_SYMBOL_NAME_LEN) {
- symbol_name[len] = ch;
- len++;
- ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
- } else {
- ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
+ symbol_name[len++] = ch;
}
+ ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
} while ((ch >= 'a' && ch <= 'z') ||
(ch >= 'A' && ch <= 'Z') ||
(ch >= '0' && ch <= '9') ||
ch == '_');
- if (len >= MAX_SYMBOL_NAME_LEN)
- len = MAX_SYMBOL_NAME_LEN - 1;
+ assert(len <= MAX_SYMBOL_NAME_LEN);
symbol_name[len] = '\0';
cpp->currentInput->ungetch(cpp->currentInput, ch, yylvalpp);
yylvalpp->sc_ident = LookUpAddString(atable, symbol_name);
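Review bot: The terminator write `symbol_name[len] = '\0'` can now land at index MAX_SYMBOL_NAME_LEN, because the old clamp to `MAX_SYMBOL_NAME_LEN - 1` is gone, so it is in bounds only if `symbol_name` is declared with `MAX_SYMBOL_NAME_LEN + 1` bytes; that declaration is outside this hunk and should be confirmed. The added `assert` is compiled out under NDEBUG and cannot fail given the `len < MAX_SYMBOL_NAME_LEN` guard, so it documents the invariant rather than enforcing it; a comment such as `// symbol_name holds MAX_SYMBOL_NAME_LEN + 1 bytes; longer identifiers are truncated` would say so directly. Over-long identifiers are truncated silently, so two names that differ only past the limit resolve to the same atom, and a CPPErrorToInfoLog diagnostic would make that visible. Separately, the hex-constant loop in the `@@ -378,7 +375,7` hunk stores `yylvalpp->symbol_name[len++] = ch` with no length check visible in its lines, and needs the same guard if none exists further down.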
@@ -369,7 +366,7 @@
yylvalpp->symbol_name[len++] = ch;
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
if (ch == 'x' || ch == 'X') {
- yylvalpp->symbol_name[len++] = ch;
+ yylvalpp->symbol_name[len++] = ch;
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
if ((ch >= '0' && ch <= '9') ||
(ch >= 'A' && ch <= 'F') ||
@@ -378,7 +375,7 @@
AlreadyComplained = 0;
ival = 0;
do {
- yylvalpp->symbol_name[len++] = ch;
+ yylvalpp->symbol_name[len++] = ch;
if (ival <= 0x0fffffff) {
if (ch >= '0' && ch <= '9') {
ii = ch - '0';
@@ -401,8 +398,8 @@
CPPErrorToInfoLog("ERROR___ERROR_IN_HEX_CONSTANT");
}
yylvalpp->symbol_name[len] = '\0';
- cpp->currentInput->ungetch(cpp->currentInput, ch, yylvalpp);
- yylvalpp->sc_int = ival;
+ cpp->currentInput->ungetch(cpp->currentInput, ch, yylvalpp);
+ yylvalpp->sc_int = ival;
return CPP_INTCONSTANT;
} else if (ch >= '0' && ch <= '7') { // octal integer constants
AlreadyComplained = 0;
@@ -422,12 +419,12 @@
if (ch == '.' || ch == 'e' || ch == 'f' || ch == 'h' || ch == 'x'|| ch == 'E')
return lFloatConst(yylvalpp->symbol_name, len, ch, yylvalpp);
yylvalpp->symbol_name[len] = '\0';
- cpp->currentInput->ungetch(cpp->currentInput, ch, yylvalpp);
- yylvalpp->sc_int = ival;
+ cpp->currentInput->ungetch(cpp->currentInput, ch, yylvalpp);
+ yylvalpp->sc_int = ival;
return CPP_INTCONSTANT;
} else {
- cpp->currentInput->ungetch(cpp->currentInput, ch, yylvalpp);
- ch = '0';
+ cpp->currentInput->ungetch(cpp->currentInput, ch, yylvalpp);
+ ch = '0';
}
// Fall through...
case '1': case '2': case '3': case '4':
@@ -435,8 +432,7 @@
do {
if (len < MAX_SYMBOL_NAME_LEN) {
if (len > 0 || ch != '0') {
- yylvalpp->symbol_name[len] = ch;
- len++;
+ yylvalpp->symbol_name[len++] = ch;
}
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
}
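Review bot: This digit loop still reads the next character only inside `if (len < MAX_SYMBOL_NAME_LEN)`, so once the buffer is full `ch` never advances; if the loop condition (outside the hunk) tests `ch` for a digit, a numeric literal longer than the limit would keep the loop spinning forever. The identifier loop in the `@@ -348` hunk was fixed in this same commit by moving the read out of the guard, and the same change applies here: close the `if` first, then `ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);`. The same shape remains in the string-literal loop (`@@ -663`) and in tokens.c (`@@ -275`, `@@ -299`, `@@ -315`, with `ch = lReadByte(pTok);`). In the last two of those the `while` condition is visible and depends only on `ch`, so the non-termination there does not rest on any assumption.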
@@ -445,7 +441,7 @@
return lFloatConst(yylvalpp->symbol_name, len, ch, yylvalpp);
} else {
yylvalpp->symbol_name[len] = '\0';
- cpp->currentInput->ungetch(cpp->currentInput, ch, yylvalpp);
+ cpp->currentInput->ungetch(cpp->currentInput, ch, yylvalpp);
ival = 0;
AlreadyComplained = 0;
for (ii = 0; ii < len; ii++) {
@@ -663,8 +659,7 @@
return -1;
}
if (len < MAX_STRING_LEN) {
- string_val[len] = ch;
- len++;
+ string_val[len++] = ch;
ch = cpp->currentInput->getch(cpp->currentInput, yylvalpp);
}
};
@@ -682,21 +677,21 @@
int yylex_CPP(char* buf, int maxSize)
{
- yystypepp yylvalpp;
+ yystypepp yylvalpp;
int token = '\n';
for(;;) {
char* tokenString = 0;
token = cpp->currentInput->scan(cpp->currentInput, &yylvalpp);
- if(check_EOF(token))
- return 0;
+ if(check_EOF(token))
+ return 0;
if (token == '#') {
if (cpp->previous_token == '\n'|| cpp->previous_token == 0) {
- token = readCPPline(&yylvalpp);
+ token = readCPPline(&yylvalpp);
if(check_EOF(token))
return 0;
- continue;
+ continue;
} else {
CPPErrorToInfoLog("preprocessor command must not be preceded by any other statement in that line");
return 0;
@@ -718,17 +713,17 @@
} else if (token == CPP_FLOATCONSTANT||token == CPP_INTCONSTANT){
cpp->pastFirstStatement = 1;
tokenString = yylvalpp.symbol_name;
- } else {
+ } else {
cpp->pastFirstStatement = 1;
tokenString = GetStringOfAtom(atable,token);
- }
+ }
if (tokenString) {
if ((signed)strlen(tokenString) >= maxSize) {
cpp->tokensBeforeEOF = 1;
return maxSize;
} else if (strlen(tokenString) > 0) {
- strcpy(buf, tokenString);
+ strcpy(buf, tokenString);
cpp->tokensBeforeEOF = 1;
return (int)strlen(tokenString);
}
@@ -745,7 +740,7 @@
{
if(token==-1){
if(cpp->ifdepth >0){
- CPPErrorToInfoLog("#endif missing!! Compilation stopped");
+ CPPErrorToInfoLog("#endif missing!! Compilation stopped");
cpp->CompileError=1;
}
return 1;
diff --git a/src/compiler/preprocessor/scanner.h b/src/compiler/preprocessor/scanner.h
index c12c97b..c8175ab 100644
--- a/src/compiler/preprocessor/scanner.h
+++ b/src/compiler/preprocessor/scanner.h
@@ -48,8 +48,9 @@
#if !defined(__SCANNER_H)
#define __SCANNER_H 1
-#define MAX_SYMBOL_NAME_LEN 128
-#define MAX_STRING_LEN 512
+// These lengths do not include the NULL terminator.
+#define MAX_SYMBOL_NAME_LEN 127
+#define MAX_STRING_LEN 511
#include "compiler/preprocessor/parser.h"
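Review bot: Lowering the two macros by one changes the size of every buffer declared as `[MAX_SYMBOL_NAME_LEN]` or `[MAX_STRING_LEN]` without a `+ 1`, and this hunk does not show those declarations. Any such array is now one byte smaller while the scanner writes a terminator at index `len == MAX_*_LEN`, so each declaration and each `sizeof`-based use outside this diff should be checked for the `+ 1`. The comment would be more useful if it stated the rule for users of the macros, e.g. `// Maximum lengths excluding the terminating NUL; declare buffers as [MAX_..._LEN + 1].`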
diff --git a/src/compiler/preprocessor/tokens.c b/src/compiler/preprocessor/tokens.c
index baa07de..fbf89ae 100644
--- a/src/compiler/preprocessor/tokens.c
+++ b/src/compiler/preprocessor/tokens.c
@@ -275,8 +275,7 @@
ch == '_')
{
if (len < MAX_SYMBOL_NAME_LEN) {
- symbol_name[len] = ch;
- len++;
+ symbol_name[len++] = ch;
ch = lReadByte(pTok);
}
}
@@ -290,7 +289,7 @@
while ((ch = lReadByte(pTok)) != 0)
if (len < MAX_STRING_LEN)
string_val[len++] = ch;
- string_val[len] = 0;
+ string_val[len] = '\0';
yylvalpp->sc_ident = LookUpAddString(atable, string_val);
break;
case CPP_FLOATCONSTANT:
@@ -299,8 +298,7 @@
while ((ch >= '0' && ch <= '9')||(ch=='e'||ch=='E'||ch=='.')||(ch=='+'||ch=='-'))
{
if (len < MAX_SYMBOL_NAME_LEN) {
- symbol_name[len] = ch;
- len++;
+ symbol_name[len++] = ch;
ch = lReadByte(pTok);
}
}
@@ -315,8 +313,7 @@
while ((ch >= '0' && ch <= '9'))
{
if (len < MAX_SYMBOL_NAME_LEN) {
- symbol_name[len] = ch;
- len++;
+ symbol_name[len++] = ch;
ch = lReadByte(pTok);
}
}