From 1d1bdec6318746f6f19f245db589eddc887ae8ff Mon Sep 17 00:00:00 2001

From: "Emden R. Gansner" <erg@alum.mit.edu>

Date: Wed, 8 Jan 2014 11:31:04 -0500

Subject: [PATCH] Fix possible buffer overflow problem in chkNum of scanner.

---

 lib/cgraph/scan.l | 35 ++++++++++++++++++++++++++---------

 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l

index 212967c..d065b61 100644

--- a/lib/cgraph/scan.l

+++ b/lib/cgraph/scan.l

@@ -129,15 +129,32 @@ static void ppDirective (void)

  * and report this to the user.

  */

 static int chkNum(void) {

-  unsigned char	c = (unsigned char)yytext[yyleng-1];   /* last character */

-  if (!isdigit(c) && (c != '.')) {  /* c is letter */

-	char	buf[BUFSIZ];

-	sprintf(buf,"syntax error - badly formed number '%s' in line %d of %s\n",yytext,line_num, InputFile);

-    strcat (buf, "splits into two name tokens\n");

-	agerr(AGWARN,buf);

-    return 1;

-  }

-  else return 0;

+    unsigned char c = (unsigned char)yytext[yyleng-1];   /* last character */

+    if (!isdigit(c) && (c != '.')) {  /* c is letter */

+	unsigned char xbuf[BUFSIZ];

+	char buf[BUFSIZ];

+	agxbuf  xb;

+	char* fname;

+

+	if (InputFile)

+	    fname = InputFile;

+	else

+	    fname = "input";

+

+	agxbinit(&xb, BUFSIZ, xbuf);

+

+	agxbput(&xb,"syntax ambiguity - badly delimited number '");

+	agxbput(&xb,yytext);

+	sprintf(buf,"' in line %d of ", line_num);

+	agxbput(&xb,buf);

+	agxbput(&xb,fname);

+	agxbput(&xb, " splits into two tokens\n");

+	agerr(AGWARN,agxbuse(&xb));

+

+	agxbfree(&xb;;

+	return 1;

+    }

+    else return 0;

 }

 /* The LETTER class below consists of ascii letters, underscore, all non-ascii

-- 

1.8.5.1