Avoid Heap Overflow in `heredoc_remove_indent`; fix #5316

c43dd75e · Yukihiro "Matz" Matsumoto · 810d13da · c43dd75e · c43dd75e
Unverified Commit c43dd75e authored Feb 03, 2021 by Yukihiro "Matz" Matsumoto
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

mrbgems/mruby-compiler/core/parse.y mrbgems/mruby-compiler/core/parse.y +2 -1

mrbgems/mruby-compiler/core/y.tab.c mrbgems/mruby-compiler/core/y.tab.c +2 -1

No files found.
--- a/mrbgems/mruby-compiler/core/parse.y
+++ b/mrbgems/mruby-compiler/core/parse.y
@@ -4693,7 +4693,8 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf)
          escaped = escaped->cdr;
        nspaces = nspaces->cdr;
      }
-      newstr[newlen] = '\0';
+      if (newlen < len)
+        newstr[newlen] = '\0';
      pair->car = (node*)newstr;
      pair->cdr = (node*)newlen;
    } else {

--- a/mrbgems/mruby-compiler/core/y.tab.c
+++ b/mrbgems/mruby-compiler/core/y.tab.c
@@ -10729,7 +10729,8 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf)
          escaped = escaped->cdr;
        nspaces = nspaces->cdr;
      }
-      newstr[newlen] = '\0';
+      if (newlen < len)
+        newstr[newlen] = '\0';
      pair->car = (node*)newstr;
      pair->cdr = (node*)newlen;
    } else {