authorLinus Torvalds <torvalds@ppc970.osdl.org>2004-07-22 14:00:25 -0700
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-04-07 21:02:14 -0700
commit7601387b02d9798f54844858e932d2f3727811cd (patch)
treecc8683e706bccd888d40860e1e3e46e14a447340 /expression.c
parentDon't allow string concatenation to overflow MAX_STRING. (diff)
C99 says strings should be up to 4095 bytes.
Also, while we're here, be more careful about the exact limits, and concatenation: we want to have the ending NUL character even when we concatenate too much.
Diffstat (limited to 'expression.c')
-rw-r--r--expression.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/expression.c b/expression.c
index 812f49a..af1ed3d 100644
--- a/expression.c
+++ b/expression.c
@@ -65,7 +65,7 @@ static struct token *string_expression(struct token *token, struct expression *e
struct token *next = token->next;
if (token_type(next) == TOKEN_STRING) {
- int totlen = string->length;
+ int totlen = string->length-1;
char *data;
do {
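Review bot: `string->length-1` here, and `s->length-1` in the copy loop of the next hunk, assume every string token has a length of at least 1 (the terminating NUL), and nothing visible in the patch enforces that. If a token ever arrived with length 0, `len` would become -1, pass the `if (len > totlen)` clamp untouched, and reach `memcpy(data, s->data, len)` in the last hunk as a huge size. Whether the tokenizer guarantees the invariant is not visible from here, so a lower-bound guard next to the existing clamp, `if (len < 0) len = 0;`, or at least a comment stating the invariant, would make the copy safe on its own. string_expression starts before this hunk and continues past it.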
@@ -78,13 +78,13 @@ static struct token *string_expression(struct token *token, struct expression *e
totlen = MAX_STRING;
}
- string = __alloc_string(totlen);
- string->length = totlen;
+ string = __alloc_string(totlen+1);
+ string->length = totlen+1;
data = string->data;
next = token;
do {
struct string *s = next->string;
- int len = s->length;
+ int len = s->length-1;
if (len > totlen)
len = totlen;
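Review bot: After the clamp to `MAX_STRING`, `__alloc_string(totlen+1)` can request MAX_STRING+1 bytes, so MAX_STRING now bounds the characters only and the NUL is allocated on top of it. Whether `__alloc_string` and any other user of MAX_STRING (a fixed-size buffer, for instance) accept that extra byte is not visible in this diff and is worth confirming. A comment at the clamp would pin the convention, e.g. `/* MAX_STRING counts characters only; the terminating NUL is allocated in addition */`. The copy loop's body continues outside this hunk.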
@@ -92,8 +92,9 @@ static struct token *string_expression(struct token *token, struct expression *e
next = next->next;
memcpy(data, s->data, len);
- data += len-1;
+ data += len;
} while (token_type(next) == TOKEN_STRING);
+ *data = '\0';
}
expr->string = string;
return next;
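Review bot: The new `*data = '\0';` store has no comment tying it to the `totlen+1` allocation in the previous hunk, and it is in bounds only if the loop never advances `data` by more than the original `totlen` in total. That bound depends on the per-token clamp plus whatever happens on the line between the two hunks, which is not shown here, so this is inferred. I would add `/* data <= string->data + totlen here; the +1 byte holds the NUL */` above the store so that a later change to the clamp gets checked against it.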