commit 8e4b7993be5ab2c798139e9113a654d86c608f39
parent 9da6ecf5b932a52eb9810ac3ff9b2d4dcec55621
Author: William Casarin <jb55@jb55.com>
Date: Fri, 6 Aug 2021 21:09:24 -0700
fix use after free bug in parser
Diffstat:
3 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/src/parse.c b/src/parse.c
@@ -1365,23 +1365,19 @@ int parse_buffer(struct parser *parser, u8 *file_buf, int len, u16 *root)
}
-int parse_file(struct parser *parser, const char *filename, u16 *root)
+int parse_file(struct parser *parser, const char *filename, u16 *root, u8 *buf,
+ u32 bufsize)
{
- /* TODO: increase these limits */
- int bufsize = 4096*4;
- u8 *file_buf = calloc(1, bufsize);
-
int count, ok;
- ok = read_file(filename, file_buf, bufsize, &count);
+ ok = read_file(filename, buf, bufsize, &count);
if (!ok) {
printf("failed to load '%s'\n", filename);
return 0;
}
- ok = parse_buffer(parser, file_buf, count, root);
- free(file_buf);
+ ok = parse_buffer(parser, buf, count, root);
return ok;
}
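Review bot: The new `buf` parameter of parse_file has no documented lifetime contract, and that contract appears to be the whole fix: judging by the commit title, the parser keeps references into the buffer handed to parse_buffer, so the caller's storage has to outlive every later use of `parser`. I would put a comment above this definition and on the prototype in src/parse.h, for example `/* buf is borrowed, not copied: it must stay valid until free_parser(parser) */`. Separately, `bufsize` is now `u32` while `count` and parse_buffer's `len` are still `int`. read_file is not visible in this hunk, so it is worth confirming that it cannot report a count that does not fit in `int`, or rejecting `bufsize > INT_MAX` at the top of parse_file.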
diff --git a/src/parse.h b/src/parse.h
@@ -132,7 +132,7 @@ struct parser {
};
int parse_buffer(struct parser *parser, u8 *file_buf, int len, u16 *root);
-int parse_file(struct parser *parser, const char *filename, u16 *root);
+int parse_file(struct parser *parser, const char *filename, u16 *root, u8 *buf, u32 bufsize);
int init_parser(struct parser *parser);
int free_parser(struct parser *parser);
void print_cell(struct cursor *attributes, struct cell *cell);
diff --git a/src/protoverse.c b/src/protoverse.c
@@ -103,6 +103,7 @@ extern char **environ;
int main(int argc, const char *argv[])
{
+ static u8 buf[4096*8];
char **env = environ;
const char *space, *code_file;
const char *cmd;
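Review bot: `static u8 buf[4096*8];` leaves the hard input-size limit as an unnamed constant, and the `TODO: increase these limits` comment that used to flag it was deleted from parse_file in this same commit. A named constant with a short comment would keep the limit visible, e.g. `enum { MAX_SPACE_FILE_SIZE = 4096*8 }; /* largest file parse_file can load */` followed by `static u8 buf[MAX_SPACE_FILE_SIZE];`. How read_file treats a file larger than the buffer is not shown here; if it truncates instead of failing, the parser would accept a partial document without any error, so that case deserves an explicit check. main's body continues outside the hunk.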
@@ -128,7 +129,7 @@ int main(int argc, const char *argv[])
return 1;
}
space = argv[2];
- ok = parse_file(&parser, space, &root);
+ ok = parse_file(&parser, space, &root, buf, sizeof(buf));
if (!ok) {
printf("failed to parse file\n");
return 1;