From a4ae2a4d92ea3b9c7994ce790ed06bdb035c366d Mon Sep 17 00:00:00 2001
From: Andreas Abel
Date: Sun, 4 Nov 2018 21:05:03 +0100
Subject: [PATCH] [ fixed #242 ] segfault due to buffer overrun in C++ printer

After some buffer resizings, trying to strcpy the buffer into a buffer of the initial size will fail spectacularly. Exposed on Mac OS X. The copying was anyway silly if the buffer is to be filled with zeros afterwards, thus, simply don't do it!
---
 source/src/BNFC/Backend/CPP/PrettyPrinter.hs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/source/src/BNFC/Backend/CPP/PrettyPrinter.hs b/source/src/BNFC/Backend/CPP/PrettyPrinter.hs
index 0b5fabdb..7f0ec69f 100644
--- a/source/src/BNFC/Backend/CPP/PrettyPrinter.hs
+++ b/source/src/BNFC/Backend/CPP/PrettyPrinter.hs
@@ -137,10 +137,15 @@ mkHFile useStl inPackage cf groups = unlines
 if useStl then render (nest 2 bufAppendString) else "",
 " void inline bufReset(void)",
 " {",
- " cur_ = 0;",
+ " if (buf_) free(buf_);",
 " buf_size = " ++ nsDefine inPackage "BUFFER_INITIAL" ++ ";",
- " resizeBuffer();",
+ " buf_ = (char *) malloc(buf_size);",
+ " if (!buf_) {",
+ " fprintf(stderr, \"Error: Out of memory while allocating buffer!\\n\");",
+ " exit(1);",
+ " }",
 " memset(buf_, 0, buf_size);",
+ " cur_ = 0;",
 " }",
 "",
 " void inline resizeBuffer(void)",
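Review bot: The added `if (buf_) free(buf_);` at the top of the generated `bufReset` is only safe if `buf_` is null or a live `malloc` pointer on every call, including the very first one. The constructor that makes that first call is outside this hunk, so it should be confirmed that it sets `buf_ = 0` before calling `bufReset()`; otherwise the new line frees an indeterminate pointer. The `if (buf_)` guard does not help with that case, since `free` already accepts a null pointer. I would state the precondition in the emitted header with a line such as `"    // buf_ must be 0 or a malloc'ed pointer here; free() of anything else is undefined.",` placed before the `free`. The `malloc` plus `memset` pair could also be emitted as a single `calloc(1, buf_size)`; the `unlines` list itself starts and ends outside the hunk.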