commit a0e6b9b6b4c4e454201dc18fd04db414f11cd36e
parent 6cbfe36885806fff34fd3d6c0f22d439e9321dc7
Author: Roberto E. Vargas Caballero <k0ga@shike2.com>
Date: Thu, 12 Mar 2015 19:16:01 +0000
Avoid memory corruption in cc2
we were taking a value of the user and using it as index of an array without
checking that the value was correct.
Diffstat:
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cc2/parser.c b/cc2/parser.c
@@ -398,12 +398,13 @@ expression(char *token)
{
Node *np;
void (*fun)(char *);
+ unsigned c;
if (!curfun)
error(ESYNTAX);
do {
- if ((fun = optbl[token[0]]) == NULL)
+ if ((c = token[0]) > 0x1f || (fun = optbl[c]) == NULL)
error(ESYNTAX);
(*fun)(token);
} while (token = strtok(NULL, "\t"));
