From 12d2f8608046c5d43646e3c1dc277c0a2914ae1b Mon Sep 17 00:00:00 2001
From: Explorer09 <explorer09@gmail.com>
Date: Sat, 14 Oct 2017 00:31:01 +0800
Subject: [PATCH] scanner: temporarily protect against ccl overflow &
 overwriting.

For ccladd(), if cclp given is a non-last ccl, adding a char into it
will overflow the buffer and overwrite the first char in the next ccl.

For now, add a temporary detection and protection code.  (Not sure if
this could happen in user input, but if it could, then you can expect
some "corrupted" behavior for generated scanners.)
---
 src/ccl.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/ccl.c b/src/ccl.c
index ff9a213..5c5af13 100644
--- a/src/ccl.c
+++ b/src/ccl.c
@@ -73,6 +73,13 @@ void ccladd (int cclp, int ch)
 
 	newpos = ind + len;
 
+	/* For a non-last cclp, expanding the set will overflow and overwrite a
+	 * char in the next cclp.
+	 * FIXME: Need another allocation scheme for ccl's. */
+	if (cclp != lastccl) {
+		flexfatal(_("internal error: trying to add a char to a non-last ccl.\n"));
+	}
+
 	if (newpos >= current_max_ccl_tbl_size) {
 		current_max_ccl_tbl_size += MAX_CCL_TBL_SIZE_INCREMENT;
 
-- 
1.8.3.1