fix oob write by actually truncating buffer

Found by Coverity scan of polyfox-moon: CID 121927 (#1 of 1): Out-of-bounds write (OVERRUN)

fix oob write by actually truncating buffer
Found by Coverity scan of polyfox-moon: CID 121927 (#1 of 1): Out-of-bounds write (OVERRUN)
24583a7a · cremno · ff49cf95 · 24583a7a
Commit 24583a7a authored Jul 03, 2015 by cremno
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

mrbgems/mruby-compiler/core/parse.y mrbgems/mruby-compiler/core/parse.y +5 -2

No files found.
--- a/mrbgems/mruby-compiler/core/parse.y
+++ b/mrbgems/mruby-compiler/core/parse.y
@@ -3604,10 +3604,13 @@ toklast(parser_state *p)
 static void
 tokfix(parser_state *p)
 {
-  if (p->bidx >= MRB_PARSER_BUF_SIZE) {
+  int i = p->bidx, imax = MRB_PARSER_BUF_SIZE - 1;
+  if (i > imax) {
+    i = imax;
    yyerror(p, "string too long (truncated)");
  }
-  p->buf[p->bidx] = '\0';
+  p->buf[i] = '\0';
 }
 static const char*