From c9b29e10e8e755bcbf13553583fa0b8cd659a8e0 Mon Sep 17 00:00:00 2001
From: omicron <omicron.me@protonmail.com>
Date: Tue, 1 Apr 2025 23:36:08 +0200
Subject: [PATCH] Fix incorrect size comparison in lexer_consume_n

The buffer length len and the requested number of tokens n are mixed up
in an invalid comparison. This causes all valid requests for n < len
tokens to be denied and all invalid requests for n > len tokens to be
accepted. This may cause a buffer overflow if the caller requests more
characters than they provide space for.
---
 src/lexer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lexer.c b/src/lexer.c
index 08a96bd..27aef0c 100644
--- a/src/lexer.c
+++ b/src/lexer.c
@@ -183,7 +183,7 @@ error_t *lexer_consume_n(lexer_t *lex, const size_t len,
                          char buffer[static len], const size_t n) {
     if (lex->buffer_count < n)
         return err_buffer_underrun;
-    if (len > n)
+    if (n > len)
         return err_consume_excessive_length;
 
     memcpy(buffer, lex->buffer, n);