omicron/oas
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

TODO: REVIEW ME AND WRITE PROPER MESSAGE

Browse Source 
Fix incorrect size comparison in lexer_consume_n

The buffer length len and the requested number of tokens n are mixed up
in an invalid comparison. This causes all valid requests for n < len
tokens to be denied and all invalid requests for n > len tokens to be
accepted. This may cause a buffer overflow if the caller requests more
characters than they provide space for.
This commit is contained in:
omicron 2025-04-01 23:36:08 +02:00
parent 0bc6aaa6af
commit 70033bcf5e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/lexer.c
View File

@ -183,7 +183,7 @@ error_t *lexer_consume_n(lexer_t *lex, const size_t len,
char buffer[static len], const size_t n) {
if (lex->buffer_count < n)
return err_buffer_underrun;
if (len > n)
if (n > len)
return err_consume_excessive_length;
memcpy(buffer, lex->buffer, n);