From bf7770798e7a9a0fa6af57a133dd016521f8c654 Mon Sep 17 00:00:00 2001 From: Matthew Fernandez Date: Sat, 24 Jul 2021 15:37:34 -0700 Subject: [PATCH] lexname: fix latent buffer overflow Buffers of length MAXNAME are printed into, including in a case where the printed string is "(EXTERNAL:%d)". This needs a maximum of 23 bytes, not 16 bytes as was previously used. This overflow looks impossible to actually trigger because I believe this code path is only used in the case of a bug in the lexer itself. Hence no changelog entry for this. This issue was exposed when moving sfsprintf calls to snsprintf, as the compiler understands the semantics of the latter and knows how to warn about detectable overflows. Related to #1998. --- lib/expr/exeval.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/expr/exeval.c b/lib/expr/exeval.c index 6913482b6..e87f6f96a 100644 --- a/lib/expr/exeval.c +++ b/lib/expr/exeval.c @@ -38,7 +38,7 @@ static Extype_t eval(Expr_t*, Exnode_t*, void*); #define TOTNAME 4 -#define MAXNAME 16 +#define MAXNAME 23 #define FRAME 64 static char* -- 2.49.0
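Review bot: In the `#define MAXNAME 23` line the bound is a bare magic number whose derivation ("(EXTERNAL:%d)" plus NUL) exists only in the commit message; please record it at the definition so the next change to that format string does not silently reintroduce the overflow, e.g. `/* sizeof("(EXTERNAL:") - 1 + 11 digits of INT_MIN + ")" + NUL */` or as an expression such as `#define MAXNAME (sizeof("(EXTERNAL:)") + 11)`. The arithmetic in the message checks out (10 + 11 + 1 + 1 = 23 bytes), but since the message says this was found by the move from sfsprintf to snprintf, the print sites that write into these buffers should also pass `sizeof(buf)` rather than MAXNAME so the compiler's truncation checks keep applying if the two drift apart.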