cfg-source: do proper boundary checking of yylloc values

bazsi · bazsi · commit 9d488d67cbfc · 2025-01-24T22:25:12.000+01:00
Sometimes location tracking is buggy, make sure we don't address outside
of the source text.

Signed-off-by: Balazs Scheidler &lt;balazs.scheidler@axoflow.com&gt;
diff --git a/lib/cfg-source.c b/lib/cfg-source.c
@@ -248,10 +248,18 @@ _extract_source_from_buffer_location(GString *result, CfgIncludeLevel *level, co
 
       if (lineno == yylloc->first_line)
         {
+          gint token_start = MIN(linelen, yylloc->first_column - 1);
+
           if (yylloc->first_line == yylloc->last_line)
-            g_string_append_len(result, &line[MIN(linelen, yylloc->first_column-1)], yylloc->last_column - yylloc->first_column);
+            {
+              /* both last_column & first_column are 1 based, they cancel that out */
+              gint token_len = yylloc->last_column - yylloc->first_column;
+              if (token_start + token_len > linelen)
+                token_len = linelen - token_start;
+              g_string_append_len(result, &line[token_start], token_len);
+            }
           else
-            g_string_append(result, &line[MIN(linelen, yylloc->first_column-1)]);
+            g_string_append(result, &line[token_start]);
         }
       else if (lineno < yylloc->last_line)
         {
@@ -260,8 +268,12 @@ _extract_source_from_buffer_location(GString *result, CfgIncludeLevel *level, co
         }
       else if (lineno == yylloc->last_line)
         {
+          /* last_column is 1 based */
+          gint token_len = yylloc->last_column - 1;
+          if (token_len > linelen)
+            token_len = linelen;
           g_string_append_c(result, ' ');
-          g_string_append_len(result, line, yylloc->last_column);
+          g_string_append_len(result, line, token_len);
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -248,10 +248,18 @@ _extract_source_from_buffer_location(GString result, CfgIncludeLevel level, co`
`248`	`248`
`249`	`249`	`if (lineno == yylloc->first_line)`
`250`	`250`	`{`
	`251`	`+ gint token_start = MIN(linelen, yylloc->first_column - 1);`
	`252`	`+`
`251`	`253`	`if (yylloc->first_line == yylloc->last_line)`
`252`		`- g_string_append_len(result, &line[MIN(linelen, yylloc->first_column-1)], yylloc->last_column - yylloc->first_column);`
	`254`	`+ {`
	`255`	`+ /* both last_column & first_column are 1 based, they cancel that out */`
	`256`	`+ gint token_len = yylloc->last_column - yylloc->first_column;`
	`257`	`+ if (token_start + token_len > linelen)`
	`258`	`+ token_len = linelen - token_start;`
	`259`	`+ g_string_append_len(result, &line[token_start], token_len);`
	`260`	`+ }`
`253`	`261`	`else`
`254`		`- g_string_append(result, &line[MIN(linelen, yylloc->first_column-1)]);`
	`262`	`+ g_string_append(result, &line[token_start]);`
`255`	`263`	`}`
`256`	`264`	`else if (lineno < yylloc->last_line)`
`257`	`265`	`{`
`@@ -260,8 +268,12 @@ _extract_source_from_buffer_location(GString result, CfgIncludeLevel level, co`
`260`	`268`	`}`
`261`	`269`	`else if (lineno == yylloc->last_line)`
`262`	`270`	`{`
	`271`	`+ /* last_column is 1 based */`
	`272`	`+ gint token_len = yylloc->last_column - 1;`
	`273`	`+ if (token_len > linelen)`
	`274`	`+ token_len = linelen;`
`263`	`275`	`g_string_append_c(result, ' ');`
`264`		`- g_string_append_len(result, line, yylloc->last_column);`
	`276`	`+ g_string_append_len(result, line, token_len);`
`265`	`277`	`}`
`266`	`278`	`}`
`267`	`279`