groff-commit
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[groff] 12/20: [eqn]: Fix Savannah #63214.


From: G. Branden Robinson
Subject: [groff] 12/20: [eqn]: Fix Savannah #63214.
Date: Fri, 3 Feb 2023 16:47:55 -0500 (EST)

gbranden pushed a commit to branch master
in repository groff.

commit 947a6822a1667457b249856d76e3741329e31848
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Fri Feb 3 04:40:25 2023 -0600

    [eqn]: Fix Savannah #63214.
    
    * src/preproc/eqn/lex.cpp (get_delimited_text): Avoid reading from
      invalid memory when throwing diagnostic.  Duplicate `filename` string,
      then free it on all paths out of function.
    
    Fixes <https://savannah.gnu.org/bugs/?63214>.
---
 ChangeLog               |  8 ++++++++
 src/preproc/eqn/lex.cpp | 11 ++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ad6dbf631..d4b7e7f57 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2023-02-03  G. Branden Robinson <g.branden.robinson@gmail.com>
+
+       * src/preproc/eqn/lex.cpp (get_delimited_text): Avoid reading
+       from invalid memory when throwing diagnostic.  Duplicate
+       `filename` string, then free it on all paths out of function.
+
+       Fixes <https://savannah.gnu.org/bugs/?63214>.
+
 2023-02-03  G. Branden Robinson <g.branden.robinson@gmail.com>
 
        [tbl]: Add more tests.
diff --git a/src/preproc/eqn/lex.cpp b/src/preproc/eqn/lex.cpp
index afca8e6f8..e38a486e3 100644
--- a/src/preproc/eqn/lex.cpp
+++ b/src/preproc/eqn/lex.cpp
@@ -702,9 +702,11 @@ void init_lex(const char *str, const char *filename, int 
lineno)
 
 void get_delimited_text()
 {
-  char *filename;
+  char *filename, *last_seen_filename;
   int lineno;
   int got_location = get_location(&filename, &lineno);
+  // `filename` gets invalidated if we iterate off the end of the file.
+  last_seen_filename = strdup(filename);
   int start = get_char();
   while (start == ' ' || start == '\t' || start == '\n')
     start = get_char();
@@ -712,10 +714,11 @@ void get_delimited_text()
   if (start == EOF) {
     current_lineno = 0;
     if (got_location)
-      error_with_file_and_line(filename, lineno,
+      error_with_file_and_line(last_seen_filename, lineno,
                               "end of input while defining macro");
     else
       error("end of input while defining macro");
+    free(last_seen_filename);
     return;
   }
   for (;;) {
@@ -723,11 +726,12 @@ void get_delimited_text()
     if (c == EOF) {
       current_lineno = 0;
       if (got_location)
-       error_with_file_and_line(filename, lineno,
+       error_with_file_and_line(last_seen_filename, lineno,
                                 "end of input while defining macro");
       else
        error("end of input while defining macro");
       add_context(start + token_buffer);
+      free(last_seen_filename);
       return;
     }
     if (c == start)
@@ -735,6 +739,7 @@ void get_delimited_text()
     token_buffer += char(c);
   }
   add_context(start + token_buffer + start);
+  free(last_seen_filename);
 }
 
 void interpolate_macro_with_args(const char *body)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]