Fix for bug #157 (token buffer overflow with long lines).
diff --git a/token.c b/token.c
index c8678532a271a00e4b84d20d16f1edd812146646..9299e3f7c3d7ffb9605421514ac471fded34a7d3 100644 (file)
--- a/token.c
+++ b/token.c
@@ -22,7 +22,7 @@
 
 
 int lnsave;                                    // 1; strcpy() text of current line
-uint16_t curlineno;                    // Current line number (64K max currently)
+uint32_t curlineno;                    // Current line number (64K max currently)
 int totlines;                          // Total # of lines
 int mjump_align = 0;           // mjump alignment flag
 char lntag;                                    // Line tag
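Review bot: The trailing comment on the widened `curlineno` still says "64K max currently", which no longer matches a `uint32_t`; it should read something like `// Current line number`. Any `extern` declaration of `curlineno` in a header and any format specifier that prints it are outside this hunk and presumably need the same type change; a leftover `uint16_t` declaration would make other translation units read the variable with the wrong width.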
@@ -604,6 +604,9 @@ DEBUG { printf("ExM: SYMBOL=\"%s\"", d); }
                                                        case CR_ABSCOUNT:
                                                                d = "^^abscount";
                                                                break;
+                                                       case CR_FILESIZE:
+                                                               d = "^^filesize";
+                                                               break;
                                                        case CR_DATE:
                                                                d = "^^date";
                                                                break;
@@ -789,7 +792,7 @@ int fpop(void)
        if (numUnmatched > 0)
                warn("missing %d .endif(s)", numUnmatched);
 
-       tok = inobj->in_otok;   // Restore tok and otok
+       tok = inobj->in_otok;   // Restore tok and etok
        etok = inobj->in_etok;
 
        switch (inobj->in_type)
@@ -1041,7 +1044,13 @@ DEBUG { printf("TokenizeLine: Calling fpop() from SRC_IFILE...\n"); }
        // macro-type blocks, since it is expensive to unconditionally copy every
        // line.
        if (lnsave)
+       {
+               // Sanity check
+               if (strlen(ln) > LNSIZ)
+                       return error("line too long (%d, max %d)", strlen(ln), LNSIZ);
+
                strcpy(lnbuf, ln);
+       }
 
        // General housekeeping
        tok = tokeol;                   // Set "tok" to EOL in case of error
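Review bot: The new guard before `strcpy(lnbuf, ln)` still accepts a line of exactly LNSIZ characters, which needs LNSIZ + 1 bytes once the terminator is counted. If lnbuf is declared with LNSIZ bytes (its declaration is outside this hunk), that is a one-byte overflow, so the comparison should be `>=`. The message also passes `strlen(ln)`, a `size_t`, to `%d`, which is a format/argument mismatch wherever `size_t` is wider than `int`. Suggested: `size_t len = strlen(ln);` followed by `if (len >= LNSIZ) return error("line too long (%zu, max %d)", len, LNSIZ);`, assuming error() forwards to a printf-style formatter and LNSIZ is an int constant. The enclosing function begins and ends outside the hunk.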
@@ -1072,6 +1081,12 @@ DEBUG { printf("TokenizeLine: Calling fpop() from SRC_IFILE...\n"); }
        //  o  handle multiple-character tokens (constants, strings, etc.).
        for(; *ln!=EOS;)
        {
+               // Check to see if there's enough space in the token buffer
+               if (tk.cp >= ((uint8_t *)(&tokbuf[TOKBUFSIZE])) - 20)
+               {
+                       return error("token buffer overrun");
+               }
+
                // Skip whitespace, handle EOL
                while (chrtab[*ln] & WHITE)
                        ln++;
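Review bot: The headroom constant `20` in the check added at the top of the `for` loop is unexplained. Because the check runs once per iteration, it prevents an overrun only if no single pass through the loop body can write more than 20 bytes into tokbuf. The loop body is outside this hunk, so that bound cannot be confirmed from here; the paths that emit several token words in one pass (string constants, multi-word constants) are the ones to verify. Consider a named constant that documents the invariant, e.g. `#define TOKBUF_HEADROOM 20  // max bytes one loop pass may emit`, and deriving it from the largest emission rather than choosing it by hand.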
@@ -1731,6 +1746,8 @@ void DumpToken(TOKEN t)
                printf("[ENDEXPR]");
        else if (t == CR_ABSCOUNT)
                printf("[CR_ABSCOUNT]");
+       else if (t == CR_FILESIZE)
+               printf("[CR_FILESIZE]");
        else if (t == CR_DEFINED)
                printf("[CR_DEFINED]");
        else if (t == CR_REFERENCED)
@@ -1835,6 +1852,8 @@ void DumpTokenBuffer(void)
                        printf("[ENDEXPR]");
                else if (*t == CR_ABSCOUNT)
                        printf("[CR_ABSCOUNT]");
+               else if (*t == CR_FILESIZE)
+                       printf("[CR_FILESIZE]");
                else if (*t == CR_DEFINED)
                        printf("[CR_DEFINED]");
                else if (*t == CR_REFERENCED)