diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | node.c | 7 |
2 files changed, 10 insertions, 3 deletions
@@ -1,5 +1,11 @@ 2017-01-26 Andrew J. Schorr <aschorr@telemetry-investments.com> + * node.c (is_hex): Add a new argument pointing to the end of the string + so we can check for string overrun. + (r_force_number): Pass string end to is_hex. + +2017-01-26 Andrew J. Schorr <aschorr@telemetry-investments.com> + * awk.h (get_numbase): Add string length argument so we can operate on unterminated strings. * awkgram.y: Call get_numbase with string length, and fix off-by-one @@ -41,12 +41,13 @@ int (*cmp_numbers)(const NODE *, const NODE *) = cmp_awknums; /* is_hex --- return true if a string looks like a hex value */ static bool -is_hex(const char *str) +is_hex(const char *str, const char *cpend) { + /* on entry, we know the string length is >= 1 */ if (*str == '-' || *str == '+') str++; - if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X')) + if (str + 1 < cpend && str[0] == '0' && (str[1] == 'x' || str[1] == 'X')) return true; return false; @@ -113,7 +114,7 @@ r_force_number(NODE *n) if ( (! do_posix /* not POSIXLY paranoid and */ && (is_alpha((unsigned char) *cp) /* letter, or */ /* CANNOT do non-decimal and saw 0x */ - || (! do_non_decimal_data && is_hex(cp))))) { + || (! do_non_decimal_data && is_hex(cp, cpend))))) { goto badnum; } |