xkbcomp: Stop possible overflow in yyGetnumber. #31647

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=31647 Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com> Reviewed-by: Dan Nicholson <dbn.lists@gmail.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
author: Alistair Leslie-Hughes <leslie_alistair@hotmail.com> 2011-04-01 20:26:30 +1100
committer: Peter Hutterer <peter.hutterer@who-t.net> 2011-04-04 08:50:04 +1000
commit: a2877e92bd9f9c1532b5cd12cc484ff3cdbc6a0a (patch)
tree: da50312b2f2388b9e75169d4b7a075111c19d181 /xkbscan.c
parent: 0b8527a3836cde77269461e22844857bf33e0aea (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/xkbscan.c b/xkbscan.c
index 03193e2..814a123 100644
--- a/xkbscan.c
+++ b/xkbscan.c
@@ -606,14 +606,16 @@ yyGetIdent(int first)
 static int
 yyGetNumber(int ch)
 {
+    const int nMaxBuffSize = 1024;
     int isFloat = 0;
-    char buf[1024];
+    char buf[nMaxBuffSize];
     int nInBuf = 0;
 
     buf[0] = ch;
     nInBuf = 1;
     while (((ch = scanchar()) != EOF)
-           && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x'))))
+           && (isxdigit(ch) || ((nInBuf == 1) && (ch == 'x')))
+           && nInBuf < nMaxBuffSize)
     {
         buf[nInBuf++] = ch;
     }
@@ -621,7 +623,8 @@ yyGetNumber(int ch)
     {
         isFloat = 1;
         buf[nInBuf++] = ch;
-        while (((ch = scanchar()) != EOF) && (isxdigit(ch)))
+        while (((ch = scanchar()) != EOF) && (isxdigit(ch))
+               && nInBuf < nMaxBuffSize)
         {
             buf[nInBuf++] = ch;
         }
author	Alistair Leslie-Hughes <leslie_alistair@hotmail.com>	2011-04-01 20:26:30 +1100
committer	Peter Hutterer <peter.hutterer@who-t.net>	2011-04-04 08:50:04 +1000
commit	a2877e92bd9f9c1532b5cd12cc484ff3cdbc6a0a (patch)
tree	da50312b2f2388b9e75169d4b7a075111c19d181 /xkbscan.c
parent	0b8527a3836cde77269461e22844857bf33e0aea (diff)