Buffer overrun in Lexer with string literal longer than 4096 characters #316
Comments
andreasabel
added a commit
that referenced
this issue
Nov 13, 2020
This bug surface when setting the buffer size to 2048 (previously it was 2000 and going one byte over went unnoticed). We need to maintain cur_ < buf_size (not just cur_ <= buf_size).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The generated lexer uses a fixed buffer that can overrun when lexing a long string literal:
bnfc/source/src/BNFC/Backend/C/CFtoFlexC.hs
Lines 86 to 89 in fb85ff1
(The authors were probably aware of the problem but did not care to fix it.)
Currently the length is fixed to 4096 characters, a longer string (5000 characters) overruns the buffer, leading e.g. to a crash (C) or a parse failure (C++).
This affects the C and C++ backends.
The text was updated successfully, but these errors were encountered: