From: rlar <rlar>
Date: Tue, 1 Mar 2016 16:59:09 +0000 (+0100)
Subject: cast and fix usage of log10(), ceil to prevent buffer overflow
X-Git-Tag: v2.6.2~67
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=00bc43fa045008aa306ef07d4f5d018d91f233ed;p=flex

cast and fix usage of log10(), ceil to prevent buffer overflow
---

diff --git a/src/buf.c b/src/buf.c
index c03b85f..185cbd3 100644
--- a/src/buf.c
+++ b/src/buf.c
@@ -100,7 +100,7 @@ struct Buf *buf_linedir (struct Buf *buf, const char* filename, int lineno)
 
     tsz = strlen("#line \"\"\n")                +   /* constant parts */
                2 * strlen (filename)            +   /* filename with possibly all backslashes escaped */
-               (int) (1 + log10 (abs (lineno))) +   /* line number */
+               (size_t) (1 + ceil (log10 (abs (lineno)))) +   /* line number */
                1;                                   /* NUL */
     t = malloc(tsz);
     if (!t)
diff --git a/src/main.c b/src/main.c
index e329e4e..4e5254a 100644
--- a/src/main.c
+++ b/src/main.c
@@ -474,7 +474,7 @@ void check_options (void)
              char *str, *fmt = "#define %s %d\n";
              size_t strsz;
 
-             strsz = strlen(fmt) + strlen(scname[i]) + (int)(1 + log10(i)) + 2;
+             strsz = strlen(fmt) + strlen(scname[i]) + (size_t)(1 + ceil (log10(i))) + 2;
              str = malloc(strsz);
              if (!str)
                flexfatal(_("allocation of macro definition failed"));