authorRanjit Mathew <rmathew@hotmail.com>2005-08-16 18:46:18 +0000
committerRanjit Mathew <rmathew@gcc.gnu.org>2005-08-16 18:46:18 +0000
commit17b456229ec66d747ffb569508fa168f5d92cfc8 (patch)
tree171349b84a5e6f0d001eac3f48739c1e2237c51c /gcc/java
parent17ccdd2c51e9498d5eddd581e5328253ae42fb2a (diff)
re PR java/22113 (Buffer overflow in the lexical analyser while reading FP literals)
PR java/22113 * lex.c (do_java_lex): Define MAX_TOKEN_LEN. Avoid overflowing `literal_token' for large numeric input tokens. From-SVN: r103167
Diffstat (limited to 'gcc/java')
-rw-r--r--gcc/java/ChangeLog6
-rw-r--r--gcc/java/lex.c29
2 files changed, 25 insertions, 10 deletions
diff --git a/gcc/java/ChangeLog b/gcc/java/ChangeLog
index 4985baa..07dfc5b 100644
--- a/gcc/java/ChangeLog
+++ b/gcc/java/ChangeLog
@@ -1,5 +1,11 @@
2005-08-16 Ranjit Mathew <rmathew@hotmail.com>
+ PR java/22113
+ * lex.c (do_java_lex): Define MAX_TOKEN_LEN. Avoid overflowing
+ `literal_token' for large numeric input tokens.
+
+2005-08-16 Ranjit Mathew <rmathew@hotmail.com>
+
PR java/19870
* parse.y (nested_field_access_p): Rename to nested_member_access_p
and expand to handle method accesses across nested classes.
diff --git a/gcc/java/lex.c b/gcc/java/lex.c
index c4c2bbf..6941c4e 100644
--- a/gcc/java/lex.c
+++ b/gcc/java/lex.c
@@ -965,7 +965,9 @@ do_java_lex (YYSTYPE *java_lval)
int parts[TOTAL_PARTS];
HOST_WIDE_INT high, low;
/* End borrowed section. */
- char literal_token [256];
+
+#define MAX_TOKEN_LEN 256
+ char literal_token [MAX_TOKEN_LEN + 1];
int literal_index = 0, radix = 10, long_suffix = 0, overflow = 0, bytes;
int found_hex_digits = 0, found_non_octal_digits = -1;
int i;
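Review bot: The new `#define MAX_TOKEN_LEN 256` sits inside the body of do_java_lex with no comment saying what it counts, and the `+ 1` on the array is the only hint that the terminator is excluded. I would document it where it is defined, for example `/* Longest numeric literal stored in literal_token, not counting the terminating NUL.  */`. The commit adds no matching `#undef`, so the macro stays visible for the rest of the file; an `#undef MAX_TOKEN_LEN` after the numeric-literal code (outside this hunk) would keep it from being picked up elsewhere by accident.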
@@ -1020,9 +1022,14 @@ do_java_lex (YYSTYPE *java_lval)
}
}
}
+
+ /* Terminate LITERAL_TOKEN in case we bail out on large tokens. */
+ literal_token [MAX_TOKEN_LEN] = '\0';
+
/* Parse the first part of the literal, until we find something
which is not a number. */
- while (radix == 16 ? JAVA_ASCII_HEXDIGIT (c) : JAVA_ASCII_DIGIT (c))
+ while ((radix == 16 ? JAVA_ASCII_HEXDIGIT (c) : JAVA_ASCII_DIGIT (c))
+ && literal_index < MAX_TOKEN_LEN)
{
/* We store in a string (in case it turns out to be a FP) and in
PARTS if we have to process a integer literal. */
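Review bot: When this digit loop stops because `literal_index` has reached MAX_TOKEN_LEN, nothing tells the user: none of the lines this commit adds to lex.c reports an error, so an over-long literal is cut at 256 characters and the remaining digits stay in the input, presumably to be lexed as a separate token. The overflow itself is closed, but the cut-off should be diagnosed once the loop ends (its body continues outside this hunk), e.g. `if (literal_index == MAX_TOKEN_LEN && JAVA_ASCII_DIGIT (c)) java_lex_error ("Numeric literal too long", 0);`, using the hex-digit test when radix is 16; the message text is only a suggestion. The floating-point loop bounded in the @@ -1078 hunk and the guarded branches in the hunks after it have the same silent cut-off.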
@@ -1078,7 +1085,7 @@ do_java_lex (YYSTYPE *java_lval)
java_lex_error ("Can't express non-decimal FP literal", 0);
radix = 10;
- for (;;)
+ for (; literal_index < MAX_TOKEN_LEN;)
{
if (c == '.')
{
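Review bot: Replacing `for (;;)` with `for (; literal_index < MAX_TOKEN_LEN;)` gives this loop an exit through its condition that it did not have before, so with a full buffer control now reaches whatever follows the loop; until now the loop was presumably left only by a return or break inside it. That following code is outside the hunk, so it is not clear from here whether it copes with a `literal_token` that already holds a '.' or an exponent; it should be checked, or the fall-through handled explicitly right after the loop. As a smaller point of style, the header reads more naturally as `while (literal_index < MAX_TOKEN_LEN)`.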
@@ -1095,7 +1102,7 @@ do_java_lex (YYSTYPE *java_lval)
java_lex_error ("Invalid character in FP literal", 0);
}
- if (c == 'e' || c == 'E')
+ if ((c == 'e' || c == 'E') && literal_index < MAX_TOKEN_LEN)
{
if (stage < 2)
{
@@ -1119,7 +1126,8 @@ do_java_lex (YYSTYPE *java_lval)
stage = 4; /* So we fall through. */
}
- if ((c=='-' || c =='+') && stage == 2)
+ if ((c=='-' || c =='+') && stage == 2
+ && literal_index < MAX_TOKEN_LEN)
{
stage = 3;
literal_token [literal_index++] = c;
@@ -1127,10 +1135,11 @@ do_java_lex (YYSTYPE *java_lval)
c = java_peek_unicode ();
}
- if ((stage == 0 && JAVA_ASCII_FPCHAR (c)) ||
- (stage == 1 && JAVA_ASCII_FPCHAR (c) && !(c == '.')) ||
- (stage == 2 && (JAVA_ASCII_DIGIT (c) || JAVA_FP_PM (c))) ||
- (stage == 3 && JAVA_ASCII_DIGIT (c)))
+ if (((stage == 0 && JAVA_ASCII_FPCHAR (c))
+ || (stage == 1 && JAVA_ASCII_FPCHAR (c) && !(c == '.'))
+ || (stage == 2 && (JAVA_ASCII_DIGIT (c) || JAVA_FP_PM (c)))
+ || (stage == 3 && JAVA_ASCII_DIGIT (c)))
+ && literal_index < MAX_TOKEN_LEN)
{
if (JAVA_ASCII_DIGIT (c))
seen_digit = 1;
@@ -1140,7 +1149,7 @@ do_java_lex (YYSTYPE *java_lval)
java_next_unicode ();
c = java_peek_unicode ();
}
- else
+ else if (literal_index < MAX_TOKEN_LEN)
{
if (stage == 4) /* Don't push back fF/dD. */
java_next_unicode ();
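Review bot: `else if (literal_index < MAX_TOKEN_LEN)` also skips this closing branch when a literal fills the buffer exactly and `c` is already past its end, so a literal of exactly MAX_TOKEN_LEN characters is treated like an over-long one. The array is sized MAX_TOKEN_LEN + 1 and its last byte is set to NUL in the @@ -1020 hunk, so a full buffer is still a valid string at this point; what separates the two cases is whether `c` could still extend the literal, not the index alone. If the branch is meant to be skipped for every full buffer, say so in a comment such as `/* Buffer full: leave the loop; the literal is not completed here.  */`; otherwise the over-long case should be tested and reported separately. The branch body continues outside the hunk.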