Module Name:    src
Committed By:   rillig
Date:           Fri Jun 18 20:29:00 UTC 2021

Modified Files:
        src/usr.bin/xlint/lint1: lex.c

Log Message:
lint: fix hang on unfinished string literal at end-of-file

The input file that triggered this bug was:

        a"b"c"d

Found using afl.


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/usr.bin/xlint/lint1/lex.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/xlint/lint1/lex.c
diff -u src/usr.bin/xlint/lint1/lex.c:1.37 src/usr.bin/xlint/lint1/lex.c:1.38
--- src/usr.bin/xlint/lint1/lex.c:1.37	Tue Jun 15 20:46:45 2021
+++ src/usr.bin/xlint/lint1/lex.c	Fri Jun 18 20:29:00 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: lex.c,v 1.37 2021/06/15 20:46:45 rillig Exp $ */
+/* $NetBSD: lex.c,v 1.38 2021/06/18 20:29:00 rillig Exp $ */
 
 /*
  * Copyright (c) 1996 Christopher G. Demetriou.  All Rights Reserved.
@@ -38,7 +38,7 @@
 
 #include <sys/cdefs.h>
 #if defined(__RCSID) && !defined(lint)
-__RCSID("$NetBSD: lex.c,v 1.37 2021/06/15 20:46:45 rillig Exp $");
+__RCSID("$NetBSD: lex.c,v 1.38 2021/06/18 20:29:00 rillig Exp $");
 #endif
 
 #include <ctype.h>
@@ -1304,7 +1304,7 @@ lex_string(void)
 	s = xmalloc(max = 64);
 
 	len = 0;
-	while ((c = get_escaped_char('"')) >= 0) {
+	while ((c = get_escaped_char('"')) > 0) {
 		/* +1 to reserve space for a trailing NUL character */
 		if (len + 1 == max)
 			s = xrealloc(s, max *= 2);

Reply via email to