ref: 951c9b66f40592d26fc9cd9f97b05af3a7cb711e
parent: 0a66e143071d423b118e677c5e5b1a8a77a2923b
author: Ben10do <[email protected]>
date: Thu Jan 26 17:01:03 EST 2017
Don't segfault on null bytes in REPTs and MACROs Previously, the copyrept() and copymacro() functions would halt their first loop (in which they determine the length of the block) prematurely, causing an underflow when setting len, eventually causing memory issues. Whilst this doesn’t solve the len underflow entirely (e.g. if the file ends immediately without an ENDR/ENDM), it should help with this exact scenario of null bytes (as #50).
--- a/src/asm/asmy.y
+++ b/src/asm/asmy.y
@@ -142,8 +142,9 @@
{
SLONG level=1, len, instring=0;
char *src=pCurrentBuffer->pBuffer;
+ char *bufferEnd = pCurrentBuffer->pBufferStart + pCurrentBuffer->nBufferSize;
- while( *src && level )
+ while( src < bufferEnd && level )
{
if( instring==0 )
{
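Review bot: When the new `while( src < bufferEnd && level )` loop ends because `src` reached `bufferEnd`, `level` is still non-zero, and nothing in this hunk stops the later `len` computation from running on an unterminated block. The commit message itself notes that this underflow remains. The function body continues outside the hunk, so this is inferred, but a guard right after the loop would close it: `if( level != 0 ) { /* report unterminated REPT/MACRO and stop before len is computed */ }`. If the loop body reads several bytes ahead of `src` to match keywords, those reads should also be checked against `bufferEnd`, since only the first byte is bounded by the loop condition. The second hunk (@@ -217) has the same pattern and needs the same guard.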
@@ -217,8 +218,9 @@
{
SLONG level=1, len, instring=0;
char *src=pCurrentBuffer->pBuffer;
+ char *bufferEnd = pCurrentBuffer->pBufferStart + pCurrentBuffer->nBufferSize;
- while( *src && level )
+ while( src < bufferEnd && level )
{
if( instring==0 )
{