zdoom/qzdoom
0
0
Fork 0
mirror of https://github.com/ZDoom/qzdoom.git synced 2024-11-10 14:51:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

Lemon update 2014-01-11 12:52:25 on branch trunk

Browse source 
- In LEMON, limit the size of the grammar file to 100MB. This ensures that the program will never experience integer overflow. To be doubly sure, use calloc() instead of malloc() when allocating arrays. (user: drh)
This commit is contained in:
Randy Heit 2016-03-20 10:14:22 -05:00
parent e59ef08cc8
commit dd0d0e036c
1 changed files with 13 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
tools/lemon/lemon.c
View file

@ -2581,9 +2581,8 @@ void Parse(struct lemon *gp)
filesize = ftell(fp); filesize = ftell(fp);
rewind(fp); rewind(fp);
filebuf = (char *)malloc( filesize+1 ); filebuf = (char *)malloc( filesize+1 );
if( filebuf==0 ){ if( filesize>100000000 || filebuf==0 ){
ErrorMsg(ps.filename,0,"Can't allocate %d of memory to hold this file.", ErrorMsg(ps.filename,0,"Input file too large.");
filesize+1);
gp->errorcnt++; gp->errorcnt++;
fclose(fp); fclose(fp);
return; return;
@ -4377,8 +4376,7 @@ void Strsafe_init(){
if( x1a ){ if( x1a ){
x1a->size = 1024; x1a->size = 1024;
x1a->count = 0; x1a->count = 0;
x1a->tbl = (x1node*)malloc( x1a->tbl = (x1node*)calloc(1024, sizeof(x1node) + sizeof(x1node*));
(sizeof(x1node) + sizeof(x1node*))*1024 );
if( x1a->tbl==0 ){ if( x1a->tbl==0 ){
free(x1a); free(x1a);
x1a = 0; x1a = 0;
@ -4415,8 +4413,7 @@ int Strsafe_insert(const char *data)
struct s_x1 array; struct s_x1 array;
array.size = size = x1a->size*2; array.size = size = x1a->size*2;
array.count = x1a->count; array.count = x1a->count;
array.tbl = (x1node*)malloc( array.tbl = (x1node*)calloc(size, sizeof(x1node) + sizeof(x1node*));
(sizeof(x1node) + sizeof(x1node*))*size );
if( array.tbl==0 ) return 0; /* Fail due to malloc failure */ if( array.tbl==0 ) return 0; /* Fail due to malloc failure */
array.ht = (x1node**)&(array.tbl[size]); array.ht = (x1node**)&(array.tbl[size]);
for(i=0; i<size; i++) array.ht[i] = 0; for(i=0; i<size; i++) array.ht[i] = 0;
@ -4546,8 +4543,7 @@ void Symbol_init(){
if( x2a ){ if( x2a ){
x2a->size = 128; x2a->size = 128;
x2a->count = 0; x2a->count = 0;
x2a->tbl = (x2node*)malloc( x2a->tbl = (x2node*)calloc(128, sizeof(x2node) + sizeof(x2node*));
(sizeof(x2node) + sizeof(x2node*))*128 );
if( x2a->tbl==0 ){ if( x2a->tbl==0 ){
free(x2a); free(x2a);
x2a = 0; x2a = 0;
@ -4584,8 +4580,7 @@ int Symbol_insert(struct symbol *data, const char *key)
struct s_x2 array; struct s_x2 array;
array.size = size = x2a->size*2; array.size = size = x2a->size*2;
array.count = x2a->count; array.count = x2a->count;
array.tbl = (x2node*)malloc( array.tbl = (x2node*)calloc(size, sizeof(x2node) + sizeof(x2node*));
(sizeof(x2node) + sizeof(x2node*))*size );
if( array.tbl==0 ) return 0; /* Fail due to malloc failure */ if( array.tbl==0 ) return 0; /* Fail due to malloc failure */
array.ht = (x2node**)&(array.tbl[size]); array.ht = (x2node**)&(array.tbl[size]);
for(i=0; i<size; i++) array.ht[i] = 0; for(i=0; i<size; i++) array.ht[i] = 0;
@ -4745,8 +4740,7 @@ void State_init(){
if( x3a ){ if( x3a ){
x3a->size = 128; x3a->size = 128;
x3a->count = 0; x3a->count = 0;
x3a->tbl = (x3node*)malloc( x3a->tbl = (x3node*)calloc(128, sizeof(x3node) + sizeof(x3node*));
(sizeof(x3node) + sizeof(x3node*))*128 );
if( x3a->tbl==0 ){ if( x3a->tbl==0 ){
free(x3a); free(x3a);
x3a = 0; x3a = 0;
@ -4783,8 +4777,7 @@ int State_insert(struct state *data, struct config *key)
struct s_x3 array; struct s_x3 array;
array.size = size = x3a->size*2; array.size = size = x3a->size*2;
array.count = x3a->count; array.count = x3a->count;
array.tbl = (x3node*)malloc( array.tbl = (x3node*)calloc(size, sizeof(x3node) + sizeof(x3node*));
(sizeof(x3node) + sizeof(x3node*))*size );
if( array.tbl==0 ) return 0; /* Fail due to malloc failure */ if( array.tbl==0 ) return 0; /* Fail due to malloc failure */
array.ht = (x3node**)&(array.tbl[size]); array.ht = (x3node**)&(array.tbl[size]);
for(i=0; i<size; i++) array.ht[i] = 0; for(i=0; i<size; i++) array.ht[i] = 0;
@ -4841,7 +4834,7 @@ struct state **State_arrayof()
int i,size; int i,size;
if( x3a==0 ) return 0; if( x3a==0 ) return 0;
size = x3a->count; size = x3a->count;
array = (struct state **)malloc( sizeof(struct state *)*size ); array = (struct state **)calloc(size, sizeof(struct state *));
if( array ){ if( array ){
for(i=0; i<size; i++) array[i] = x3a->tbl[i].data; for(i=0; i<size; i++) array[i] = x3a->tbl[i].data;
} }
@ -4887,8 +4880,7 @@ void Configtable_init(){
if( x4a ){ if( x4a ){
x4a->size = 64; x4a->size = 64;
x4a->count = 0; x4a->count = 0;
x4a->tbl = (x4node*)malloc( x4a->tbl = (x4node*)calloc(64, sizeof(x4node) + sizeof(x4node*));
(sizeof(x4node) + sizeof(x4node*))*64 );
if( x4a->tbl==0 ){ if( x4a->tbl==0 ){
free(x4a); free(x4a);
x4a = 0; x4a = 0;
@ -4925,8 +4917,7 @@ int Configtable_insert(struct config *data)
struct s_x4 array; struct s_x4 array;
array.size = size = x4a->size*2; array.size = size = x4a->size*2;
array.count = x4a->count; array.count = x4a->count;
array.tbl = (x4node*)malloc( array.tbl = (x4node*)calloc(size, sizeof(x4node) + sizeof(x4node*));
(sizeof(x4node) + sizeof(x4node*))*size );
if( array.tbl==0 ) return 0; /* Fail due to malloc failure */ if( array.tbl==0 ) return 0; /* Fail due to malloc failure */
array.ht = (x4node**)&(array.tbl[size]); array.ht = (x4node**)&(array.tbl[size]);
for(i=0; i<size; i++) array.ht[i] = 0; for(i=0; i<size; i++) array.ht[i] = 0;