From: Ulya Trofimovich Date: Sun, 4 Nov 2018 22:38:56 +0000 (+0000) Subject: Fixed out of bounds read in configuration lexer (not handling EOF in configuration... X-Git-Tag: 1.2~310 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5315a6db02ce495a9ced5db128aabf1f1dd1c621;p=re2c Fixed out of bounds read in configuration lexer (not handling EOF in configuration value). Found by american fuzzy lop (thanks to Henri Salo). --- diff --git a/re2c/bootstrap/src/ast/lex_conf.cc b/re2c/bootstrap/src/ast/lex_conf.cc index 0d3fd398..0764f6ec 100644 --- a/re2c/bootstrap/src/ast/lex_conf.cc +++ b/re2c/bootstrap/src/ast/lex_conf.cc @@ -1,4 +1,4 @@ -/* Generated by re2c 1.1.1 on Mon Oct 29 22:56:51 2018 */ +/* Generated by re2c 1.1.1 on Sun Nov 4 22:33:41 2018 */ #line 1 "../src/ast/lex_conf.re" #include "src/util/c99_stdint.h" #include @@ -3953,7 +3953,7 @@ std::string Scanner::lex_conf_string () { unsigned char yych; static const unsigned char yybm[] = { - 128, 128, 128, 128, 128, 128, 128, 128, + 0, 128, 128, 128, 128, 128, 128, 128, 128, 0, 0, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, @@ -3990,6 +3990,7 @@ std::string Scanner::lex_conf_string () yych = (unsigned char)*cur; if (yych <= '!') { if (yych <= '\n') { + if (yych <= 0x00) goto yy839; if (yych <= 0x08) goto yy840; } else { if (yych != ' ') goto yy840; @@ -4003,9 +4004,10 @@ std::string Scanner::lex_conf_string () if (yych != ';') goto yy840; } } +yy839: #line 293 "../src/ast/lex_conf.re" { goto end; } -#line 4009 "src/ast/lex_conf.cc" +#line 4011 "src/ast/lex_conf.cc" yy840: ++cur; if (lim <= cur) fill(1); @@ -4018,7 +4020,7 @@ yy840: s = std::string(tok, tok_len()); goto end; } -#line 4022 "src/ast/lex_conf.cc" +#line 4024 "src/ast/lex_conf.cc" yy843: ++cur; #line 274 "../src/ast/lex_conf.re" @@ -4037,7 +4039,7 @@ yy843: } } } -#line 4041 "src/ast/lex_conf.cc" +#line 4043 "src/ast/lex_conf.cc" } #line 294 "../src/ast/lex_conf.re" 
diff --git a/re2c/src/ast/lex_conf.re b/re2c/src/ast/lex_conf.re index 445e4268..5a6cec35 100644 --- a/re2c/src/ast/lex_conf.re +++ b/re2c/src/ast/lex_conf.re @@ -28,7 +28,7 @@ namespace re2c conf_assign = space* "=" space*; - naked_char = . \ (space | [;]); + naked_char = [^\x00\n] \ (space | [;]); naked = (naked_char \ ['"]) naked_char*; number = "0" | ("-"? [1-9] [0-9]*); diff --git a/re2c/test/american_fuzzy_lop/007.c b/re2c/test/american_fuzzy_lop/007.c new file mode 100644 index 00000000..848ca11f --- /dev/null +++ b/re2c/test/american_fuzzy_lop/007.c @@ -0,0 +1 @@ +re2c: error: line 2, column 18: missing ending ';' in configuration diff --git a/re2c/test/american_fuzzy_lop/007.re b/re2c/test/american_fuzzy_lop/007.re new file mode 100644 index 00000000..01a7523c --- /dev/null +++ b/re2c/test/american_fuzzy_lop/007.re @@ -0,0 +1,2 @@ +/*!re2c + re2c:startlabel= \ No newline at end of file
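Review bot: The new `naked_char = [^\x00\n] \ (space | [;]);` definition has no comment explaining why NUL is excluded, so a later simplification back to `.` would silently bring back the out-of-bounds read this commit fixes. Going by the commit message and the regenerated `if (yych <= 0x00) goto yy839;` branch, NUL appears to be what the lexer sees at end of input. I would add `// NUL marks end of input: a naked value must stop there instead of scanning past the buffer` directly above the definition. Other rules in lex_conf.re that consume `.` or a negated class are outside this hunk and may need the same EOF check. The added 007 test only covers input that ends right after `=` in a naked value, so a companion case for input ending inside a quoted value would show whether that path is also safe.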