Blame SOURCES/graphviz-2.30.1-CVE-2014-0978-CVE-2014-1235.patch
|
 |
d3d782 |
diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
|
|
|
d3d782 |
index e2215d1..f41049d 100644
|
|
|
d3d782 |
--- a/lib/cgraph/scan.l
|
|
|
d3d782 |
+++ b/lib/cgraph/scan.l
|
|
|
d3d782 |
@@ -16,6 +16,7 @@
|
|
|
d3d782 |
%{
|
|
|
d3d782 |
#include <grammar.h>
|
|
|
d3d782 |
#include <cghdr.h>
|
|
|
d3d782 |
+#include <agxbuf.h>
|
|
|
d3d782 |
#include <ctype.h>
|
|
|
d3d782 |
#define GRAPH_EOF_TOKEN '@' /* lex class must be defined below */
|
|
|
d3d782 |
/* this is a workaround for linux flex */
|
|
|
d3d782 |
@@ -192,13 +193,22 @@ ID ({NAME}|{NUMBER})
|
|
|
d3d782 |
%%
|
|
|
d3d782 |
void yyerror(char *str)
|
|
|
d3d782 |
{
|
|
|
d3d782 |
+ unsigned char xbuf[BUFSIZ];
|
|
|
d3d782 |
char buf[BUFSIZ];
|
|
|
d3d782 |
- if (InputFile)
|
|
|
d3d782 |
- sprintf(buf,"%s:%d: %s in line %d near '%s'\n",InputFile, line_num,
|
|
|
d3d782 |
- str,line_num,yytext);
|
|
|
d3d782 |
- else
|
|
|
d3d782 |
- sprintf(buf," %s in line %d near '%s'\n", str,line_num,yytext);
|
|
|
d3d782 |
- agerr(AGWARN,buf);
|
|
|
d3d782 |
+ agxbuf xb;
|
|
|
d3d782 |
+
|
|
|
d3d782 |
+ agxbinit(&xb, BUFSIZ, xbuf);
|
|
|
d3d782 |
+ if (InputFile) {
|
|
|
d3d782 |
+ agxbput (&xb, InputFile);
|
|
|
d3d782 |
+ agxbput (&xb, ": ");
|
|
|
d3d782 |
+ }
|
|
|
d3d782 |
+ agxbput (&xb, str);
|
|
|
d3d782 |
+ sprintf(buf," in line %d near '", line_num);
|
|
|
d3d782 |
+ agxbput (&xb, buf);
|
|
|
d3d782 |
+ agxbput (&xb, yytext);
|
|
|
d3d782 |
+ agxbput (&xb,"'\n");
|
|
|
d3d782 |
+ agerr(AGWARN,agxbuse(&xb));
|
|
|
d3d782 |
+ agxbfree(&xb;;
|
|
|
d3d782 |
}
|
|
|
d3d782 |
/* must be here to see flex's macro defns */
|
|
|
d3d782 |
void aglexeof() { unput(GRAPH_EOF_TOKEN); }
|