Fix potential buffer overrun in #emit and __emit

2019-01-01 19:28:59 +07:00 · 2019-01-01 19:28:59 +07:00 · 4b490e8ec2
commit 4b490e8ec2
parent 62779691ab
2 changed files with 5 additions and 5 deletions
--- a/source/compiler/sc1.c
+++ b/source/compiler/sc1.c
@ -6948,13 +6948,13 @@ SC_FUNC void emit_parse_line(void)
     * and copy the instruction name
     */
    lptr-=len;
-    for (i=0; i<sizeof(name) && (isalnum(*lptr) || *lptr=='.'); ++i,++lptr)
+    for (i=0; i<sizeof(name)-1 && (isalnum(*lptr) || *lptr=='.'); ++i,++lptr)
      name[i]=(char)tolower(*lptr);
    name[i]='\0';

    /* find the corresponding argument handler and call it */
-    i=emit_findopcode(name,strlen(name));
-    if (emit_opcodelist[i].name==NULL && *name!='\0')
+    i=emit_findopcode(name,i);
+    if (emit_opcodelist[i].name==NULL && name[0]!='\0')
      error(104,name); /* invalid assembler instruction */
    emit_opcodelist[i].func(name);
  } else if (tok==tLABEL) {
--- a/source/compiler/sc2.c
+++ b/source/compiler/sc2.c
@ -1337,12 +1337,12 @@ static int command(void)
  case tpEMIT: {
    if (!SKIPPING) {
      /* write opcode to output file */
-      char name[40];
+      char name[MAX_INSTR_LEN];
      int i;
      insert_dbgline(fline);
      while (*lptr<=' ' && *lptr!='\0')
        lptr++;
-      for (i=0; i<40 && (isalpha(*lptr) || *lptr=='.'); i++,lptr++)
+      for (i=0; i<sizeof(name)-1 && (isalpha(*lptr) || *lptr=='.'); i++,lptr++)
        name[i]=(char)tolower(*lptr);
      name[i]='\0';
      stgwrite("\t");