diff options
author | John MacFarlane <jgm@berkeley.edu> | 2017-06-21 11:50:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-06-21 11:50:06 +0200 |
commit | 60aa732dcfc2578a96530bdd73262112fb6bbdf2 (patch) | |
tree | 0e26773e1b1e0551a1a174cadba2b0ff1e63e4d5 /src/scanners.re | |
parent | f3026b816d7a33e62824bd559692422206196c6d (diff) | |
parent | cc24db41b5d9f18644839dc27c565e7006a7323f (diff) |
Merge pull request #205 from github/dont-scan-past-eol
Don't scan past an EOL.
The existing negated character classes ([^…]) are careful to always include \x00 in the characters excluded, but these . catch-alls can scan right past the terminating NUL placed at the end of the buffer by _scan_at.
As such, buffer overruns can occur.
Also, don't scan past a newline in HTML block end scanners.
Diffstat (limited to 'src/scanners.re')
-rw-r--r-- | src/scanners.re | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/scanners.re b/src/scanners.re index b313736..a0650f2 100644 --- a/src/scanners.re +++ b/src/scanners.re @@ -156,7 +156,7 @@ bufsize_t _scan_html_block_end_1(const unsigned char *p) const unsigned char *marker = NULL; const unsigned char *start = p; /*!re2c - .* [<] [/] ('script'|'pre'|'style') [>] { return (bufsize_t)(p - start); } + [^\n\x00]* [<] [/] ('script'|'pre'|'style') [>] { return (bufsize_t)(p - start); } * { return 0; } */ } @@ -167,7 +167,7 @@ bufsize_t _scan_html_block_end_2(const unsigned char *p) const unsigned char *marker = NULL; const unsigned char *start = p; /*!re2c - .* '-->' { return (bufsize_t)(p - start); } + [^\n\x00]* '-->' { return (bufsize_t)(p - start); } * { return 0; } */ } @@ -178,7 +178,7 @@ bufsize_t _scan_html_block_end_3(const unsigned char *p) const unsigned char *marker = NULL; const unsigned char *start = p; /*!re2c - .* '?>' { return (bufsize_t)(p - start); } + [^\n\x00]* '?>' { return (bufsize_t)(p - start); } * { return 0; } */ } @@ -189,7 +189,7 @@ bufsize_t _scan_html_block_end_4(const unsigned char *p) const unsigned char *marker = NULL; const unsigned char *start = p; /*!re2c - .* '>' { return (bufsize_t)(p - start); } + [^\n\x00]* '>' { return (bufsize_t)(p - start); } * { return 0; } */ } @@ -200,7 +200,7 @@ bufsize_t _scan_html_block_end_5(const unsigned char *p) const unsigned char *marker = NULL; const unsigned char *start = p; /*!re2c - .* ']]>' { return (bufsize_t)(p - start); } + [^\n\x00]* ']]>' { return (bufsize_t)(p - start); } * { return 0; } */ } |