Fix possible buffer overflow problem in chkNum of scanner.

diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
index 212967c709ac9a277222985e9f192e1a6c433984..d065b61fbaa7ab97fcb7fc573a3a2c5b27a2fadb 100644 (file)
--- a/lib/cgraph/scan.l
+++ b/lib/cgraph/scan.l
@@ -129,15 +129,32 @@ static void ppDirective (void)
  * and report this to the user.
  */
 static int chkNum(void) {
-  unsigned char        c = (unsigned char)yytext[yyleng-1];   /* last character */
-  if (!isdigit(c) && (c != '.')) {  /* c is letter */
-       char    buf[BUFSIZ];
-       sprintf(buf,"syntax error - badly formed number '%s' in line %d of %s\n",yytext,line_num, InputFile);
-    strcat (buf, "splits into two name tokens\n");
-       agerr(AGWARN,buf);
-    return 1;
-  }
-  else return 0;
+    unsigned char c = (unsigned char)yytext[yyleng-1];   /* last character */
+    if (!isdigit(c) && (c != '.')) {  /* c is letter */
+       unsigned char xbuf[BUFSIZ];
+       char buf[BUFSIZ];
+       agxbuf  xb;
+       char* fname;
+
+       if (InputFile)
+           fname = InputFile;
+       else
+           fname = "input";
+
+       agxbinit(&xb, BUFSIZ, xbuf);
+
+       agxbput(&xb,"syntax ambiguity - badly delimited number '");
+       agxbput(&xb,yytext);
+       sprintf(buf,"' in line %d of ", line_num);
+       agxbput(&xb,buf);
+       agxbput(&xb,fname);
+       agxbput(&xb, " splits into two tokens\n");
+       agerr(AGWARN,agxbuse(&xb));
+
+       agxbfree(&xb);
+       return 1;
+    }
+    else return 0;
 }
 
 /* The LETTER class below consists of ascii letters, underscore, all non-ascii