From d442ab79ca91616ab15acb342013e489db5b67c2 Mon Sep 17 00:00:00 2001 From: evan Date: Mon, 6 Mar 2023 20:46:16 +0000 Subject: Fix buffer overrun in yylex --- src/lex.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/lex.c b/src/lex.c index c71fef1..1b70241 100644 --- a/src/lex.c +++ b/src/lex.c @@ -157,23 +157,23 @@ int yylex() { ret = WORD; if (!linelim || isfunc) { if (isfunc) isfunc--; - for (tblp = linelim ? experres : statres; tblp->key; tblp++) - if (((tblp->key[0]^tokenst[0])&0137)==0 - && tblp->key[tokenl]==0) { - int i = 1; - while (ikey[i])&0137)==0) - i++; - if (i >= tokenl) { - ret = tblp->val; - colstate = (ret <= S_FORMAT); - if (isgoto) { - isfunc = isgoto = 0; - if (ret != K_ERROR && ret != K_INVALID) - ret = WORD; + for (tblp = linelim ? experres : statres; tblp->key; tblp++) { + if (((tblp->key[0]^tokenst[0])&0137)==0) { + int i = 1; + while (ikey[i])&0137)==0) + i++; + if (i >= tokenl) { + ret = tblp->val; + colstate = (ret <= S_FORMAT); + if (isgoto) { + isfunc = isgoto = 0; + if (ret != K_ERROR && ret != K_INVALID) + ret = WORD; } break; } } + } } if (ret == WORD) { -- cgit v1.2.3 From 9da214a7a36393c0342258679690a83f6405a30a Mon Sep 17 00:00:00 2001 From: evan Date: Mon, 6 Mar 2023 21:16:06 +0000 Subject: Fix UB on parser error and buffer overrun in yylex --- src/gram.y | 11 +++++++---- src/lex.c | 4 ++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/gram.y b/src/gram.y index 606181c..c9f7888 100755 --- a/src/gram.y +++ b/src/gram.y @@ -1239,12 +1239,15 @@ command: | // nothing | error { sc_error("syntax error: %s", line); - line[0]='\0'; + YYABORT; + //linelim = 0; //yyparse(); - linelim = -1; - yyclearin; - yyerrok; + + //line[0]='\0'; + //linelim = -1; + //yyclearin; + //yyerrok; }; term: var { diff --git a/src/lex.c b/src/lex.c index 1b70241..5ff8eda 100644 --- a/src/lex.c +++ b/src/lex.c 
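Review bot: With `&& tblp->key[tokenl]==0` removed, the acceptance test `if (i >= tokenl)` no longer checks that the keyword ends where the token ends, so a token that is only a prefix of a table key can be returned as that keyword. The removed test appears to be the out-of-bounds read this commit targets, because it indexed `key` at `tokenl` before anything established the key was that long, but it was also the only length check. Re-testing the terminator after the comparison, as `if (i >= tokenl && tblp->key[i] == '\0') {`, keeps the read in bounds only if the loop also stops at the key's NUL; the loop condition is truncated on this page, so that part is inferred. The body of yylex starts and ends outside the hunk.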
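Review bot: The `error` action now carries six commented-out statements (`//linelim = 0;`, `//yyparse();` and the four former recovery lines) with nothing saying why in-place recovery was replaced by `YYABORT`. Because `line[0]='\0'` and `linelim = -1` no longer run here, the input buffer is left as it was when the error occurred, and the code that calls yyparse() presumably has to check the return value and reset that state itself; that caller is not visible in this hunk. I would delete the dead lines and leave one comment in their place, for example `/* abort instead of recovering in place; the caller must reset line and linelim */`.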
@@ -160,9 +160,9 @@ int yylex() {
 for (tblp = linelim ? experres : statres; tblp->key; tblp++) {
 if (((tblp->key[0]^tokenst[0])&0137)==0) {
 int i = 1;
- while (ikey[i])&0137)==0)
+ while (tblp->key[i] && ikey[i])&0137)==0)
 i++;
- if (i >= tokenl) {
+ if (i >= tokenl && tblp->key[i] == '\0') {
 ret = tblp->val;
 colstate = (ret <= S_FORMAT);
 if (isgoto) {
-- cgit v1.2.3
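Review bot: The bounds argument behind the two new `tblp->key[i]` tests is not written down, and neither is the meaning of the `0137` mask, so the next edit to this loop could reintroduce the over-read. A comment above the `while` would cover both, for example `/* 0137 ignores bits 0x20 and 0x80 (ASCII case-insensitive); key[i] is tested first so the scan stops at the key's NUL */`. The scan starts at `i = 1` without testing `key[0]` for NUL, so it also relies on no entry in `experres` or `statres` having an empty key; those tables are outside this hunk, so this is worth stating in the same comment. The body of yylex starts and ends outside the hunk, and the middle of the loop condition is truncated on this page.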