Skip to content

Commit

Permalink
protect against malicious input
Browse files Browse the repository at this point in the history
  • Loading branch information
nimble-code committed Mar 1, 2020
1 parent 47394bd commit 913e343
Show file tree
Hide file tree
Showing 4 changed files with 28 additions and 7 deletions.
15 changes: 12 additions & 3 deletions Src/run.c
Original file line number Diff line number Diff line change
Expand Up @@ -358,7 +358,8 @@ nonprogress(void) /* np_ */

int
eval(Lextok *now)
{
{ int temp;

if (now) {
lineno = now->ln;
Fname = now->fn;
Expand All @@ -373,11 +374,19 @@ eval(Lextok *now)
case UMIN: return -eval(now->lft);
case '~': return ~eval(now->lft);

case '/': return (eval(now->lft) / eval(now->rgt));
case '/': temp = eval(now->rgt);
if (temp == 0)
{ fatal("division by zero", (char *) 0);
}
return (eval(now->lft) / temp);
case '*': return (eval(now->lft) * eval(now->rgt));
case '-': return (eval(now->lft) - eval(now->rgt));
case '+': return (eval(now->lft) + eval(now->rgt));
case '%': return (eval(now->lft) % eval(now->rgt));
case '%': temp = eval(now->rgt);
if (temp == 0)
{ fatal("taking modulo of zero", (char *) 0);
}
return (eval(now->lft) % temp);
case LT: return (eval(now->lft) < eval(now->rgt));
case GT: return (eval(now->lft) > eval(now->rgt));
case '&': return (eval(now->lft) & eval(now->rgt));
Expand Down
14 changes: 12 additions & 2 deletions Src/spin.y
Original file line number Diff line number Diff line change
Expand Up @@ -776,8 +776,18 @@ const_expr: CONST { $$ = $1; }
| const_expr '+' const_expr { $$ = $1; $$->val = $1->val + $3->val; }
| const_expr '-' const_expr { $$ = $1; $$->val = $1->val - $3->val; }
| const_expr '*' const_expr { $$ = $1; $$->val = $1->val * $3->val; }
| const_expr '/' const_expr { $$ = $1; $$->val = $1->val / $3->val; }
| const_expr '%' const_expr { $$ = $1; $$->val = $1->val % $3->val; }
| const_expr '/' const_expr { $$ = $1;
if ($3->val == 0)
{ fatal("division by zero", (char *) 0);
}
$$->val = $1->val / $3->val;
}
| const_expr '%' const_expr { $$ = $1;
if ($3->val == 0)
{ fatal("attempt to take modulo of zero", (char *) 0);
}
$$->val = $1->val % $3->val;
}
;

expr : l_par expr r_par { $$ = $2; }
Expand Down
4 changes: 3 additions & 1 deletion Src/spinlex.c
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,9 @@ Getchar(void)
return c; /* expanded select statement */
}
if (Inlining<0)
{ c = getc(yyin);
{ do { c = getc(yyin);
} while (c == 0); // ignore null chars
// eventually there will always be an EOF
} else
{ c = getinline();
}
Expand Down
2 changes: 1 addition & 1 deletion Src/version.h
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,4 @@
* Tool documentation is available at http://spinroot.com
*/

#define SpinVersion "Spin Version 6.5.1 -- 29 February 2020"
#define SpinVersion "Spin Version 6.5.1 -- 1 March 2020"

0 comments on commit 913e343

Please sign in to comment.