mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cb151051d79a7ec176e769a33a56e7d906fc1425
libreoffice/soltools/cpp/cpp.h
Stephan Bergmann dac11d8d50 Make cpp cope with long source lines 
under --with-lang=ALL it had started to crash during e.g.

> LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}".../instdir/program:.../instdir/program" .../workdir/LinkTarget/Executable/cpp -+ -P -DWITH_POSTGRESQL_SDBC -DWITH_FIREBIRD_SDBC -DWITHOUT_EXTENSION_MEDIAWIKI -DWITHOUT_SCRIPTING_BEANSHELL -DWITHOUT_SCRIPTING_JAVASCRIPT -DWITH_HELPPACK_INTEGRATION -DWITH_EXTENSION_INTEGRATION -DENABLE_EXTENSION_UPDATE -DX86_64 -DLINUX -D_PTHREADS -DUNIX -DUNX -DCOMID=gcc3 -D_gcc3 -DWITH_LPSOLVER -I.../scp2/inc -I.../workdir -I.../config_host -I.../workdir/CustomTarget/scp2/macros -I.../workdir/ScpTemplateTarget/scp2/source/templates .../scp2/source/calc/file_calc.scp > .../workdir/ScpPreprocessTarget/scp2/source/calc/file_calc.pre

because of

> Syscall param read(buf) points to unaddressable byte(s)
>    at 0x4F31A80: __read_nocancel (syscall-template.S:84)
>    by 0x404F98: fillbuf (_lex.c:631)
>    by 0x404CCF: gettokens (_lex.c:479)
>    by 0x400F0A: process (_cpp.c:77)
>    by 0x400E80: main (_cpp.c:60)
>  Address 0x5278494 is 0 bytes after a block of size 32,772 alloc'd
>    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
>    by 0x402034: domalloc (_cpp.c:321)
>    by 0x40554F: setsource (_lex.c:679)
>    by 0x403E38: doinclude (_include.c:130)
>    by 0x401F9D: control (_cpp.c:297)
>    by 0x401002: process (_cpp.c:101)
>    by 0x400E80: main (_cpp.c:60)

There appears to be no other check that fillbuf doesn't overflow the Source's
input buffer, other than gettokens checking that the buffer isn't more than
three quarters full ("if (ip >= s->inb + (3 * INS / 4)) ...").  That smells like
cpp assumes input lines to be shorter than some maximum number of characters
(like the C99 standard setting a minimum limit of "4095 characters in logical
source lines"), and

> #define README_TXT_ALL_LANG(key, name, ext) \
> 	key (af) = READMETXTFILENAME(name,_af,ext); \
> 	Name (am) = CONFIGLANGFILENAME(name,am,ext); \
> 	Name (ar) = CONFIGLANGFILENAME(name,ar,ext); \
[...]
> 	Name (zh-CN) = CONFIGLANGFILENAME(name,zh-CN,ext); \
> 	Name (zh-TW) = CONFIGLANGFILENAME(name,zh-TW,ext); \
> 	key (zu) = READMETXTFILENAME(name,_zu,ext)

in workdir/CustomTarget/scp2/macros/langmacros.inc (which appears to be the
culprit here) exceeding that limit under --with-lang=ALL.

So just bump the input buffer size.

Change-Id: I5d863050fb772dc7e691a604009ff8702dc718e3
2017-08-21 13:52:47 +02:00

252 lines
8.0 KiB
C
Raw Blame History

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* This file incorporates work covered by the following license notice:
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed
* with this work for additional information regarding copyright
* ownership. The ASF licenses this file to you under the Apache
* License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
#include <stdlib.h>
#include <string.h>
#define INS 327680 /* input buffer */
#define OBS 8092 /* output buffer */
#define NARG 32 /* Max number arguments to a macro */
#define NINCLUDE 48 /* Max number of include directories (-I) */
#define NIF 64 /* depth of nesting of #if */
#define NINC 32 /* depth of nesting of #include */
#ifndef EOF
#define EOF (-1)
#endif
#ifndef NULL
#define NULL 0
#endif
typedef unsigned char uchar;
enum toktype
{
END, UNCLASS, NAME, NUMBER, STRING, CCON, NL, WS, DSHARP,
EQ, NEQ, LEQ, GEQ, LSH, RSH, LAND, LOR, PPLUS, MMINUS,
ARROW, SBRA, SKET, LP, RP, DOT, AND, STAR, PLUS, MINUS,
TILDE, NOT, SLASH, PCT, LT, GT, CIRC, OR, QUEST,
COLON, ASGN, COMMA, SHARP, SEMIC, CBRA, CKET,
ASPLUS, ASMINUS, ASSTAR, ASSLASH, ASPCT, ASCIRC, ASLSH,
ASRSH, ASOR, ASAND, ELLIPS,
DSHARP1, NAME1, NAME2, DEFINED, UMINUS, ARCHITECTURE, IDENT,
COMMENT
};
enum kwtype
{
KIF, KIFDEF, KIFNDEF, KELIF, KELSE, KENDIF, KINCLUDE, KINCLUDENEXT,
KIMPORT, KDEFINE, KUNDEF, KLINE, KERROR, KPRAGMA, KIDENT, KDEFINED,
KMACHINE, KLINENO, KFILE, KDATE, KTIME, KSTDC, KEVAL
};
extern void setup_kwtab(void);
#define ISDEFINED 0x01 /* has #defined value */
#define ISKW 0x02 /* is PP keyword */
#define ISUNCHANGE 0x04 /* can't be #defined in PP */
#define ISMAC 0x08 /* builtin macro, e.g. __LINE__ */
#define ISARCHITECTURE 0x10 /* architecture */
#define ISACTIVE 0x80 /* is macro currently expanded */
#define EOB 0xFE /* sentinel for end of input buffer */
#define EOFC 0xFD /* sentinel for end of input file */
#define XPWS 1 /* token flag: white space to assure token sep. */
#define XTWS 2
typedef struct token
{
unsigned char type;
size_t wslen;
size_t len;
uchar *t;
unsigned int identifier; /* used from macro processor to identify where a macro becomes valid again. */
} Token;
typedef struct tokenrow
{
Token *tp; /* current one to scan */
Token *bp; /* base (allocated value) */
Token *lp; /* last+1 token used */
size_t max; /* number allocated */
} Tokenrow;
typedef struct source
{
char *filename; /* name of file of the source */
int line; /* current line number */
int lineinc; /* adjustment for \\n lines */
uchar *inb; /* input buffer */
uchar *inp; /* input pointer */
uchar *inl; /* end of input */
int fd; /* input source */
int ifdepth; /* conditional nesting in include */
int pathdepth;
int wrap;
struct source *next; /* stack for #include */
} Source;
typedef struct nlist
{
struct nlist *next;
uchar *name;
size_t len;
Tokenrow *vp; /* value as macro */
Tokenrow *ap; /* list of argument names, if any */
char val; /* value as preprocessor name */
char flag; /* is defined, is pp name */
uchar *loc; /* location of definition */
} Nlist;
typedef struct includelist
{
char deleted;
char always;
char *file;
} Includelist;
typedef struct wraplist
{
char *file;
} Wraplist;
#define new(t) (t *)domalloc(sizeof(t))
#define quicklook(a,b) (namebit[(a)&077] & (1U<<((b)&037)))
#define quickset(a,b) namebit[(a)&077] |= (1U<<((b)&037))
extern unsigned long namebit[077 + 1];
enum errtype
{
INFO, WARNING, ERROR, FATAL
};
typedef struct macroValidator
{
Nlist * pMacro;
unsigned int nTokenWhereMacroBecomesValid;
struct macroValidator *
pNext;
} MacroValidator;
typedef struct mvl
{
MacroValidator * pFirst;
unsigned int nextFreeIdentifier;
} MacroValidatorList;
void mvl_init(
MacroValidatorList *
out_pValidators);
void mvl_destruct(
MacroValidatorList *
out_pValidators);
/* Adds MacroValidator to the list.
*/
void mvl_add(
MacroValidatorList *
inout_pValidators,
Nlist * in_pMacro,
Token * in_pTokenWhereMacroBecomesValid);
/* Checks if one of the validators within the list points to
the token in_pTokenToCheck. If so, the macro is set valid and
the validator is removed.
*/
void mvl_check(
MacroValidatorList *
inout_pValidators,
Token const * inout_pTokenToCheck);
void tokenrow_zeroTokenIdentifiers(Tokenrow* trp);
void expandlex(void);
void fixlex(void);
void setup(int, char **);
int gettokens(Tokenrow *, int);
int comparetokens(Tokenrow *, Tokenrow *);
Source *setsource(char *, int, int, char const *, int);
void unsetsource(void);
void puttokens(Tokenrow *);
void process(Tokenrow *);
void *domalloc(size_t);
void dofree(void *);
void error(enum errtype, char *,...);
void flushout(void);
int fillbuf(Source *);
int trigraph(Source *);
int foldline(Source *);
Nlist *lookup(Token *, int);
void control(Tokenrow *);
void dodefine(Tokenrow *);
void doadefine(Tokenrow *, int);
void doinclude(Tokenrow *, int, int);
void expand(Tokenrow *, Nlist *, MacroValidatorList *);
void builtin(Tokenrow *, int);
int gatherargs(Tokenrow *, Tokenrow **, int *);
void substargs(Nlist *, Tokenrow *, Tokenrow **);
void expandrow(Tokenrow *, char *);
void maketokenrow(int, Tokenrow *);
Tokenrow *copytokenrow(Tokenrow *, Tokenrow const *);
Token *growtokenrow(Tokenrow *);
Tokenrow *normtokenrow(Tokenrow *);
void adjustrow(Tokenrow *, int);
void movetokenrow(Tokenrow *, Tokenrow const *);
void insertrow(Tokenrow *, int, Tokenrow const *);
void peektokens(Tokenrow *, char *);
void doconcat(Tokenrow *);
Tokenrow *stringify(Tokenrow *);
int lookuparg(Nlist *, Token const *);
long eval(Tokenrow *, int);
void genline(void);
void genimport(char const *, int, char const *, int);
void genwrap(int);
void setempty(Tokenrow *);
void makespace(Tokenrow *, Token *);
char *outnum(char *, int);
int digit(int);
uchar *newstring(uchar const *, size_t, size_t);
#define rowlen(tokrow) ((tokrow)->lp - (tokrow)->bp)
extern char *outptr;
extern Token nltoken;
extern Source *cursource;
extern char *curtime;
extern int incdepth;
extern int ifdepth;
extern int ifsatisfied[NIF];
extern int Mflag;
extern int Iflag;
extern int Pflag;
extern int Aflag;
extern int Lflag;
extern int Xflag;
extern int Vflag;
extern int Cflag;
extern int Dflag;
extern int Cplusplus;
extern int skipping;
extern Nlist *kwdefined;
extern Includelist includelist[NINCLUDE];
extern Wraplist wraplist[NINCLUDE];
extern char wd[];
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
Reference in New Issue View Git Blame Copy Permalink