Berry apply upstream fixes (#21194)

s-hadinger 2024-04-15 22:12:16 +02:00 committed by GitHub
parent d9895a0fcb
commit c1845b952b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 20 additions and 6 deletions


@ -354,7 +354,9 @@ static btokentype scan_decimal(blexer *lexer)
if (has_decimal_dots || is_realexp) { if (has_decimal_dots || is_realexp) {
type = TokenReal; type = TokenReal;
} }
lexer->buf.s[lexer->buf.len] = '\0'; /* use save_char to add the null terminator, */
/* since it handles expanding the buffer if needed. */
save_char(lexer, '\0');
if (type == TokenReal) { if (type == TokenReal) {
setreal(lexer, be_str2real(lexbuf(lexer), NULL)); setreal(lexer, be_str2real(lexbuf(lexer), NULL));
} else { } else {
@ -431,7 +433,7 @@ static btokentype scan_string(blexer *lexer); /* forward declaration */
/* scan f-string and transpile it to `format(...)` syntax then feeding the normal lexer and parser */ /* scan f-string and transpile it to `format(...)` syntax then feeding the normal lexer and parser */
static void scan_f_string(blexer *lexer) static void scan_f_string(blexer *lexer)
{ {
char ch; char ch = '\0';
clear_buf(lexer); clear_buf(lexer);
scan_string(lexer); /* first scan the entire string in lexer->buf */ scan_string(lexer); /* first scan the entire string in lexer->buf */
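Review bot: In the scan_decimal hunk, terminating through `save_char(lexer, '\0')` presumably also advances `lexer->buf.len`, so the buffer length now counts the terminator, which the old direct store did not. The visible lines only read `lexbuf(lexer)` as a C string, so this looks harmless here, but scan_decimal continues past the hunk and any later reader of `buf.len` for this token would be off by one. I would extend the new comment with `/* note: buf.len now includes the '\0' */`, and check whether other scanners outside this hunk still write `buf.s[buf.len] = '\0'` without growing the buffer first.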


@ -549,7 +549,7 @@ static const char* skip2dig(const char *s)
return s; return s;
} }
static const char* get_mode(const char *str, char *buf) static const char* get_mode(const char *str, char *buf, size_t buf_len)
{ {
const char *p = str; const char *p = str;
while (*p && strchr(FLAGES, *p)) { /* skip flags */ while (*p && strchr(FLAGES, *p)) { /* skip flags */
@ -560,8 +560,13 @@ static const char* get_mode(const char *str, char *buf)
p = skip2dig(++p); /* skip width (2 digits at most) */ p = skip2dig(++p); /* skip width (2 digits at most) */
} }
*(buf++) = '%'; *(buf++) = '%';
strncpy(buf, str, p - str + 1); size_t mode_size = p - str + 1;
buf[p - str + 1] = '\0'; /* Leave 2 bytes for the leading % and the trailing '\0' */
if (mode_size > buf_len - 2) {
mode_size = buf_len - 2;
}
strncpy(buf, str, mode_size);
buf[mode_size] = '\0';
return p; return p;
} }
@ -632,7 +637,7 @@ int be_str_format(bvm *vm)
} }
pushstr(vm, format, p - format); pushstr(vm, format, p - format);
concat2(vm); concat2(vm);
p = get_mode(p + 1, mode); p = get_mode(p + 1, mode, sizeof(mode));
buf[0] = '\0'; buf[0] = '\0';
if (index > top && *p != '%') { if (index > top && *p != '%') {
be_raise(vm, "runtime_error", be_pushfstring(vm, be_raise(vm, "runtime_error", be_pushfstring(vm,
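Review bot: The clamp in get_mode stops the overrun but silently drops the tail of the specifier, so for an over-long spec `mode` ends without its conversion character while the returned `p` still points at it. be_str_format continues outside the hunk; if `mode` is later handed to a printf-family call, an incomplete conversion specification is undefined behavior in C, so rejecting the spec (for example by raising a `runtime_error` as the code just below does) would be safer than truncating. Separately, `buf_len - 2` wraps around when `buf_len < 2` because it is a `size_t`, and `*(buf++) = '%'` has already written by then, so the helper should reject a too-small buffer before touching it. A short comment on the parameter, such as `/* buf_len: total size of buf, must be >= 2 */`, would document the contract the caller relies on with `sizeof(mode)`.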


@ -36,6 +36,10 @@ check(45.1e2, 4510)
check(45.e2, 4500) check(45.e2, 4500)
check(45.e+2, 4500) check(45.e+2, 4500)
# Ensure pathologically long numbers don't crash the lexer (or cause an buffer overflow)
assert(000000000000000000000000000000000000E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 == 0.0);
test_source('x = 5; 0...x;', 'unexpected symbol near \'.\'') test_source('x = 5; 0...x;', 'unexpected symbol near \'.\'')
test_source('x = 5; 0...x;', 'unexpected symbol near \'.\'') test_source('x = 5; 0...x;', 'unexpected symbol near \'.\'')
test_source('0xg', 'invalid hexadecimal number') test_source('0xg', 'invalid hexadecimal number')
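Review bot: The added assert depends on the literal's exact length to reach the path fixed in the lexer, but the comment does not say which length matters or why. If the old write only overran when the token filled the lexer buffer exactly (this is inferred from the fix; the buffer size is not visible here), a later change to the initial buffer size would let this test pass without exercising the boundary. I would record that in the comment, e.g. `# literal is N chars, matching the lexer buffer capacity at the time of the fix` with N replaced by the real count, and add a second long literal without an exponent so the integer branch is covered too. The comment also has a typo: `an buffer overflow` should read `a buffer overflow`.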


@ -149,6 +149,9 @@ assert(string.format("%s", false) == 'false')
assert(string.format("%q", "\ntest") == '\'\\ntest\'') assert(string.format("%q", "\ntest") == '\'\\ntest\'')
# corrupt format string should not crash the VM
string.format("%0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f", 3.5)
# format is now synonym to string.format # format is now synonym to string.format
assert(format == string.format) assert(format == string.format)
assert(format("%.1f", 3) == '3.0') assert(format("%.1f", 3) == '3.0')
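Review bot: The new `string.format` call with the over-long specifier has no assertion, so it only shows that the VM survives and does not pin what a truncated specifier produces. If the call is expected to return a string, assert on it; if it is expected to raise, wrap it in `try`/`except` and check the error class, so a later change in truncation behavior is noticed. At minimum the comment should state the limit of the check, e.g. `# only verifies no crash; the result for an over-long spec is not asserted`.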