From 542b5d18f1307f23104bdc52fed03ad249895c1c Mon Sep 17 00:00:00 2001
From: ISSOtm
Date: Sun, 23 Aug 2020 00:51:36 +0200
Subject: [PATCH] Fix possible capture buffer size overflow

Attempt to grow it to the max size first. Seriously, if this triggers, *how*
---
 src/asm/lexer.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/asm/lexer.c b/src/asm/lexer.c
index bdc3e877..e2a0636e 100644
--- a/src/asm/lexer.c
+++ b/src/asm/lexer.c
@@ -503,7 +503,12 @@ void lexer_ToggleStringExpansion(bool enable)
 
 static void reallocCaptureBuf(void)
 {
- lexerState->captureCapacity *= 2;
+ if (lexerState->captureCapacity == SIZE_MAX)
+ fatalerror("Cannot grow capture buffer past %zu bytes", SIZE_MAX);
+ else if (lexerState->captureCapacity > SIZE_MAX / 2)
+ lexerState->captureCapacity = SIZE_MAX;
+ else
+ lexerState->captureCapacity *= 2;
 lexerState->captureBuf = realloc(lexerState->captureBuf, lexerState->captureCapacity);
 if (!lexerState->captureBuf)
 fatalerror("realloc error while resizing capture buffer: %s\n", strerror(errno));
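Review bot: The new `fatalerror` message in `reallocCaptureBuf` has no trailing newline, while the existing realloc-failure message three lines below ends in `\n`; unless `fatalerror` appends one itself (its definition is not in this hunk), the diagnostic will run into whatever is printed next, so I would write `fatalerror("Cannot grow capture buffer past %zu bytes\n", SIZE_MAX);`. The saturating growth itself looks right: the `> SIZE_MAX / 2` test runs before the multiply, so the doubling can no longer wrap to a small capacity that later writes would overrun. A one-line comment above the chain, such as `/* Saturate at SIZE_MAX instead of wrapping; a wrapped capacity would under-allocate the buffer */`, would record why the check exists. If `captureCapacity` can ever start at 0 (its initialisation is outside this hunk), doubling leaves it at 0 and that case may deserve a guard as well. The function's closing brace lies outside the hunk.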