Commit 24583a7a authored by cremno's avatar cremno

fix oob write by actually truncating buffer

Found by Coverity scan of polyfox-moon:
CID 121927 (#1 of 1): Out-of-bounds write (OVERRUN)
parent ff49cf95
......@@ -3604,10 +3604,13 @@ toklast(parser_state *p)
static void
tokfix(parser_state *p)
{
if (p->bidx >= MRB_PARSER_BUF_SIZE) {
int i = p->bidx, imax = MRB_PARSER_BUF_SIZE - 1;
if (i > imax) {
i = imax;
yyerror(p, "string too long (truncated)");
}
p->buf[p->bidx] = '\0';
p->buf[i] = '\0';
}
static const char*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment