gbdev/rgbds
1
0
Fork 0
mirror of https://github.com/gbdev/rgbds.git synced 2025-11-20 18:22:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix out of bounds array access in lexer

Browse Source 
If the type char is signed, then in the function
yylex_GetFloatMaskAndFloatLen(), *s can have a negative value and be converted
to a negative int32_t which is then used as an array index. It should be
converted to uint8_t instead to ensure that the value is in the bounds of the
tFloatingFirstChar, tFloatingSecondChar, and tFloatingChars arrays.
This commit is contained in:
dbrotz
2019-06-16 15:50:56 -07:00
parent 54e5bf0f0c
commit 1decf5d0d4
4 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/asm/lexer.c
View File

@@ -471,17 +471,17 @@ void yylex_GetFloatMaskAndFloatLen(uint32_t *pnFloatMask, uint32_t *pnFloatLen)
char *s = pLexBuffer; char *s = pLexBuffer;
uint32_t nOldFloatMask = 0; uint32_t nOldFloatMask = 0;
uint32_t nFloatMask = tFloatingFirstChar[(int32_t)*s]; uint32_t nFloatMask = tFloatingFirstChar[(uint8_t)*s];
if (nFloatMask != 0) { if (nFloatMask != 0) {
s++; s++;
nOldFloatMask = nFloatMask; nOldFloatMask = nFloatMask;
nFloatMask &= tFloatingSecondChar[(int32_t)*s]; nFloatMask &= tFloatingSecondChar[(uint8_t)*s];
while (nFloatMask != 0) { while (nFloatMask != 0) {
s++; s++;
nOldFloatMask = nFloatMask; nOldFloatMask = nFloatMask;
nFloatMask &= tFloatingChars[(int32_t)*s]; nFloatMask &= tFloatingChars[(uint8_t)*s];
} }
} }

1
test/asm/garbage_char.asm Normal file
View File

@@ -0,0 +1 @@
x<EFBFBD>

3
test/asm/garbage_char.out Normal file
View File

@@ -0,0 +1,3 @@
ERROR: garbage_char.asm(1):
syntax error
error: Assembly aborted (1 errors)!

3
test/asm/garbage_char.out.pipe Normal file
View File

@@ -0,0 +1,3 @@
ERROR: -(1):
syntax error
error: Assembly aborted (1 errors)!