From: Explorer09 Date: Fri, 13 Oct 2017 16:31:01 +0000 (+0800) Subject: scanner: temporarily protect against ccl overflow & overwriting. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=12d2f8608046c5d43646e3c1dc277c0a2914ae1b;p=flex scanner: temporarily protect against ccl overflow & overwriting. For ccladd(), if cclp given is a non-last ccl, adding a char into it will overflow the buffer and overwrite the first char in the next ccl. For now, add a temporary detection and protection code. (Not sure if this could happen in user input, but if it could, then you can expect some "corrupted" behavior for generated scanners.) --- diff --git a/src/ccl.c b/src/ccl.c index ff9a213..5c5af13 100644 --- a/src/ccl.c +++ b/src/ccl.c @@ -73,6 +73,13 @@ void ccladd (int cclp, int ch) newpos = ind + len; + /* For a non-last cclp, expanding the set will overflow and overwrite a + * char in the next cclp. + * FIXME: Need another allocation scheme for ccl's. */ + if (cclp != lastccl) { + flexfatal(_("internal error: trying to add a char to a non-last ccl.\n")); + } + if (newpos >= current_max_ccl_tbl_size) { current_max_ccl_tbl_size += MAX_CCL_TBL_SIZE_INCREMENT;
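Review bot: The new `if (cclp != lastccl)` guard in ccladd() reports the condition as an "internal error", but the commit message says it is not known whether user input can reach it. If a scanner specification can make ccladd() run on a non-last ccl, users will see a fatal abort that looks like a flex bug and gives no hint about which rule caused it. Before this lands, it would help to settle reachability with a test input that adds a character to an earlier ccl after a later one has been created, and to word the message according to the result. The placement ahead of the `newpos >= current_max_ccl_tbl_size` growth check is right, since it stops execution before any write into the next ccl's storage. The FIXME about needing another allocation scheme should point to a tracking issue so that the temporary guard is not left in place indefinitely.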