commit 6662e4323b9d658de6cf909c16f997515e03d83b
parent bde0ef892aeb95d7aaa95ffb11b0bd82b2a31d9c
Author: Roberto E. Vargas Caballero <k0ga@shike2.com>
Date: Thu, 12 Jan 2017 08:55:02 +0100
[cc1] fix off-by-one bug in getdefs
The pointer to the buffer was incremented but the size was not decremented,
which could cause a buffer overrun.
Diffstat:
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/cc1/cpp.c b/cc1/cpp.c
@@ -351,8 +351,10 @@ getdefs(Symbol *args[NR_MACROARG], int nargs, char *bp, size_t bufsiz)
bp += len;
bufsiz -= len;
}
- if ((prevc = yytoken) != '#')
+ if ((prevc = yytoken) != '#') {
*bp++ = ' ';
+ --bufsiz;
+ }
next();
}
*bp = '\0';
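Review bot: Nothing in the hunk checks that `bufsiz` is non-zero before `*bp++ = ' ';`, and the unconditional `*bp = '\0';` after the loop needs one further byte beyond that. Because `bufsiz` is a `size_t`, a `--bufsiz;` from 0 would wrap to a very large value, and any later bound comparison against it would then pass. The length test that precedes `bp += len;` lies outside the hunk and may already reserve this margin; if it does not, guard the separator write with a check such as `if (bufsiz < 2)` that takes the function's existing too-long error path, so a byte always remains for the terminator. getdefs begins above the hunk, so the loop header and that earlier test could not be reviewed here.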