diff options
| author | Mike Dalessio <mike.dalessio@gmail.com> | 2023-08-29 22:40:29 -0400 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2023-08-30 18:27:50 +0000 |
| commit | 46e47404a8734efd7f312e29e2fb705dd2f40291 (patch) | |
| tree | 8298b0586e41c9a25fe70e6e9f93f653d2faaeca | |
| parent | c83552a596a34808651efca29a4f480bb5c579c6 (diff) | |
[ruby/yarp] fix: trailing decimal, binary, octal, and hex numbers at end of file
Previously this resulted in invalid memory access.
Found by the fuzzer.
https://github.com/ruby/yarp/commit/af5b85a27a
| -rw-r--r-- | test/yarp/fuzzer_test.rb | 4 | ||||
| -rw-r--r-- | yarp/yarp.c | 12 |
2 files changed, 12 insertions, 4 deletions
diff --git a/test/yarp/fuzzer_test.rb b/test/yarp/fuzzer_test.rb index 97f128f08b..6f8cde0d09 100644 --- a/test/yarp/fuzzer_test.rb +++ b/test/yarp/fuzzer_test.rb @@ -17,4 +17,8 @@ class FuzzerTest < Test::Unit::TestCase snippet "incomplete escaped string", '"\\' snippet "trailing comment", "1\n#\n" snippet "trailing asterisk", "a *" + snippet "incomplete decimal number", "0d" + snippet "incomplete binary number", "0b" + snippet "incomplete octal number", "0o" + snippet "incomplete hex number", "0x" end diff --git a/yarp/yarp.c b/yarp/yarp.c index 0d6b55a65e..6b2a3c64e8 100644 --- a/yarp/yarp.c +++ b/yarp/yarp.c @@ -4997,7 +4997,8 @@ lex_numeric_prefix(yp_parser_t *parser) { // 0d1111 is a decimal number case 'd': case 'D': - if (yp_char_is_decimal_digit(*++parser->current.end)) { + parser->current.end++; + if (yp_char_is_decimal_digit(peek(parser))) { parser->current.end += yp_strspn_decimal_number(parser->current.end, parser->end - parser->current.end); } else { yp_diagnostic_list_append(&parser->error_list, parser->current.start, parser->current.end, "Invalid decimal number."); @@ -5008,7 +5009,8 @@ lex_numeric_prefix(yp_parser_t *parser) { // 0b1111 is a binary number case 'b': case 'B': - if (yp_char_is_binary_digit(*++parser->current.end)) { + parser->current.end++; + if (yp_char_is_binary_digit(peek(parser))) { parser->current.end += yp_strspn_binary_number(parser->current.end, parser->end - parser->current.end); } else { yp_diagnostic_list_append(&parser->error_list, parser->current.start, parser->current.end, "Invalid binary number."); @@ -5019,7 +5021,8 @@ lex_numeric_prefix(yp_parser_t *parser) { // 0o1111 is an octal number case 'o': case 'O': - if (yp_char_is_octal_digit(*++parser->current.end)) { + parser->current.end++; + if (yp_char_is_octal_digit(peek(parser))) { parser->current.end += yp_strspn_octal_number(parser->current.end, parser->end - parser->current.end); } else { yp_diagnostic_list_append(&parser->error_list, parser->current.start, parser->current.end, "Invalid octal number."); @@ -5043,7 +5046,8 @@ lex_numeric_prefix(yp_parser_t *parser) { // 0x1111 is a hexadecimal number case 'x': case 'X': - if (yp_char_is_hexadecimal_digit(*++parser->current.end)) { + parser->current.end++; + if (yp_char_is_hexadecimal_digit(peek(parser))) { parser->current.end += yp_strspn_hexadecimal_number(parser->current.end, parser->end - parser->current.end); } else { yp_diagnostic_list_append(&parser->error_list, parser->current.start, parser->current.end, "Invalid hexadecimal number."); |