Module Name: src Committed By: rillig Date: Fri Jun 18 20:29:00 UTC 2021
Modified Files: src/usr.bin/xlint/lint1: lex.c Log Message: lint: fix hang on unfinished string literal at end-of-file The input file that triggered this bug was: a"b"c"d Found using afl. To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.38 src/usr.bin/xlint/lint1/lex.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/usr.bin/xlint/lint1/lex.c diff -u src/usr.bin/xlint/lint1/lex.c:1.37 src/usr.bin/xlint/lint1/lex.c:1.38 --- src/usr.bin/xlint/lint1/lex.c:1.37 Tue Jun 15 20:46:45 2021 +++ src/usr.bin/xlint/lint1/lex.c Fri Jun 18 20:29:00 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: lex.c,v 1.37 2021/06/15 20:46:45 rillig Exp $ */ +/* $NetBSD: lex.c,v 1.38 2021/06/18 20:29:00 rillig Exp $ */ /* * Copyright (c) 1996 Christopher G. Demetriou. All Rights Reserved. @@ -38,7 +38,7 @@ #include <sys/cdefs.h> #if defined(__RCSID) && !defined(lint) -__RCSID("$NetBSD: lex.c,v 1.37 2021/06/15 20:46:45 rillig Exp $"); +__RCSID("$NetBSD: lex.c,v 1.38 2021/06/18 20:29:00 rillig Exp $"); #endif #include <ctype.h> @@ -1304,7 +1304,7 @@ lex_string(void) s = xmalloc(max = 64); len = 0; - while ((c = get_escaped_char('"')) >= 0) { + while ((c = get_escaped_char('"')) > 0) { /* +1 to reserve space for a trailing NUL character */ if (len + 1 == max) s = xrealloc(s, max *= 2);