diff options
author | Victor Westerhuis <victor@westerhu.is> | 2021-12-03 12:09:09 +0100 |
---|---|---|
committer | Victor Westerhuis <victor@westerhu.is> | 2021-12-03 12:09:09 +0100 |
commit | fa3e0023604b4c0f91b46e023d1354b0834a7590 (patch) | |
tree | 669cdca154691aaab07ae626a713fb8613de60b8 /src/pdarun.c | |
parent | fc61ecb3a22b89864916ec538eaf04840e7dd6b5 (diff) | |
download | colm-fa3e0023604b4c0f91b46e023d1354b0834a7590.tar.gz |
Fix out-of-bounds memcpy
memcpy in string_alloc_full was copying 32 bytes, while the string
is only 25 bytes including the terminating null byte.
Diffstat (limited to 'src/pdarun.c')
-rw-r--r-- | src/pdarun.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/pdarun.c b/src/pdarun.c index c958273e..e7f3a7d9 100644 --- a/src/pdarun.c +++ b/src/pdarun.c @@ -382,7 +382,8 @@ static void report_parse_error( program_t *prg, tree_t **sp, struct pda_run *pda /* If there are no error points on record assume the error occurred at the * beginning of the stream. */ if ( deepest == 0 ) { - error_head = string_alloc_full( prg, "<input>:1:1: parse error", 32 ); + const char *parse_error_string = "<input>:1:1: parse error"; + error_head = string_alloc_full( prg, parse_error_string, strlen( parse_error_string ) ); error_head->location = location_allocate( prg ); error_head->location->line = 1; error_head->location->column = 1; |