andmarti1424 / sc-im

sc-im - Spreadsheet Calculator Improvised -- An ncurses spreadsheet program for terminal

Fix UB when parsing #789

Closed efjimm closed 1 year ago

efjimm commented 1 year ago

Closes #788. Also fixes potential buffer overruns in yylex.

Currently, when the lexer finds a WORD it loops through the keys in statres.h or experres.h and looks for a match. It does this by comparing the first character of the token with each key case insensitively, and if that succeeds, checks if the character in the key at tokenl is a null byte. If the key string begins with the same character as the token string, and is shorter than the token string, then there is a buffer overflow on this check.
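The over-read described in this comment and a length-checked lookup that avoids it, as an added illustration (not sc-im's code and not the patch from this pull request). The table `demo_keys` and all function names are hypothetical, and the keys are constructed stand-ins for the entries in statres.h and experres.h.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed keyword table standing in for statres.h / experres.h. */
struct kw { const char *key; int val; };
static const struct kw demo_keys[] = {
    {"goto", 1}, {"get", 2}, {"define", 3}, {"do", 4}, {NULL, 0}
};

/* Models the described check: once the first characters match
 * case-insensitively, key[tokenl] is read. Returns 1 when that index
 * lies beyond the key's terminating NUL (an out-of-bounds read). */
static int check_overreads(const char *key, const char *tok, size_t tokenl)
{
    if (tolower((unsigned char)key[0]) != tolower((unsigned char)tok[0]))
        return 0;                 /* first test fails, key[tokenl] never read */
    return tokenl > strlen(key);  /* key[strlen(key)] is the last valid byte */
}

/* Number of keys in the table that the described check would over-read. */
static int count_overreads(const struct kw *tbl, const char *tok, size_t tokenl)
{
    int n = 0;
    for (; tbl->key != NULL; tbl++)
        n += check_overreads(tbl->key, tok, tokenl);
    return n;
}

/* Bounded lookup: compare lengths before indexing the key, then compare
 * exactly tokenl bytes. tok need not be NUL-terminated. -1 if absent. */
static int lookup_bounded(const struct kw *tbl, const char *tok, size_t tokenl)
{
    for (; tbl->key != NULL; tbl++) {
        size_t i;
        if (strlen(tbl->key) != tokenl)
            continue;
        for (i = 0; i < tokenl; i++)
            if (tolower((unsigned char)tbl->key[i]) != tolower((unsigned char)tok[i]))
                break;
        if (i == tokenl)
            return tbl->val;
    }
    return -1;
}

int main(void)
{
    printf("keys over-read for \"defined\": %d\n", count_overreads(demo_keys, "defined", 7));
    printf("bounded lookup of \"GoTo\": %d\n", lookup_bounded(demo_keys, "GoTo", 4));
    return 0;
}
```

Building a lexer with `-fsanitize=address` and feeding it tokens longer than same-initial keywords is a quick way to confirm whether a check of this shape is reachable.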

andmarti1424 commented 1 year ago

@efjimm Merged. Thank you!

andmarti1424 commented 1 year ago

Merged on dev branch