summary refs log tree commit diff
diff options
context:
space:
mode:
authorQuentin Carbonneaux <quentin@c9x.me>2021-07-28 00:53:09 +0200
committerQuentin Carbonneaux <quentin@c9x.me>2021-07-28 00:53:09 +0200
commit5a4369dd279b1ee50779ae4ab16daaa035eeeb69 (patch)
treeabb1617109526574d9311ac56d7a22edc5256f83
parent7f4ab8d801edd1db8518ecd110c53483f847a8e9 (diff)
downloadroux-5a4369dd279b1ee50779ae4ab16daaa035eeeb69.tar.gz
fix buffer overflow in parser (afl)
Reported by Alessandro Mantovani.
Overly long function names would
trigger out-of-bounds accesses.
Diffstat
-rw-r--r--parse.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/parse.c b/parse.c
index 48f2f6e..a7e4452 100644
--- a/parse.c
+++ b/parse.c
@@ -813,7 +813,7 @@ parsefn(int export)
 		rcls = 5;
 	if (next() != Tglo)
 		err("function name expected");
-	strcpy(curf->name, tokval.str);
+	strncpy(curf->name, tokval.str, NString-1);
 	curf->vararg = parserefl(0);
 	if (nextnl() != Tlbrace)
 		err("function body must start with {");
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-01-07 23:48:00 +0000