ref: 1decf5d0d45e8ec6a8a0fc0d4ba640dcc1f2fb13
parent: 54e5bf0f0c60b7ccc80215bfe10571267474e7f8
author: dbrotz <[email protected]>
date: Sun Jun 16 11:50:56 EDT 2019
Fix out of bounds array access in lexer If the type char is signed, then in the function yylex_GetFloatMaskAndFloatLen(), *s can have a negative value and be converted to a negative int32_t which is then used as an array index. It should be converted to uint8_t instead to ensure that the value is in the bounds of the tFloatingFirstChar, tFloatingSecondChar, and tFloatingChars arrays.
--- a/src/asm/lexer.c
+++ b/src/asm/lexer.c
@@ -471,17 +471,17 @@
char *s = pLexBuffer;
uint32_t nOldFloatMask = 0;
- uint32_t nFloatMask = tFloatingFirstChar[(int32_t)*s];
+ uint32_t nFloatMask = tFloatingFirstChar[(uint8_t)*s];
if (nFloatMask != 0) {
s++;
nOldFloatMask = nFloatMask;
- nFloatMask &= tFloatingSecondChar[(int32_t)*s];
+ nFloatMask &= tFloatingSecondChar[(uint8_t)*s];
while (nFloatMask != 0) {
s++;
nOldFloatMask = nFloatMask;
- nFloatMask &= tFloatingChars[(int32_t)*s];
+ nFloatMask &= tFloatingChars[(uint8_t)*s];
}
}
--- /dev/null
+++ b/test/asm/garbage_char.asm
@@ -1,0 +1,1 @@
+x
\ No newline at end of file
--- /dev/null
+++ b/test/asm/garbage_char.out
@@ -1,0 +1,3 @@
+ERROR: garbage_char.asm(1):
+ syntax error
+error: Assembly aborted (1 errors)!
--- /dev/null
+++ b/test/asm/garbage_char.out.pipe
@@ -1,0 +1,3 @@
+ERROR: -(1):
+ syntax error
+error: Assembly aborted (1 errors)!