Quick patch to the Lemon parser template to avoid an array overread reported

by OSSFuzz. A proper fix involves enhancements to the table generators in Lemon to make the overread impossible. That fix will take longer to implement. The current check-in is a stop-gap. FossilOrigin-Name: 3f6730be4cb712a28401be6d96e56ccb3f2e98dd8961b477befec3f363715178
2025-08-01 06:27:03 +03:00 · 2018-07-01 16:05:40 +00:00
parent d2ac43ea38
commit 9f607e9c23
3 changed files with 9 additions and 8 deletions
--- a/tool/lempar.c
+++ b/tool/lempar.c
@ -550,6 +550,7 @@ static YYACTIONTYPE yy_find_shift_action(
 #if YY_SHIFT_MAX+YYWILDCARD>=YY_ACTTAB_COUNT
          j<YY_ACTTAB_COUNT &&
 #endif
+          j<sizeof(yy_lookahead)/sizeof(yy_lookahead[0]) &&
          yy_lookahead[j]==YYWILDCARD && iLookAhead>0
        ){
 #ifndef NDEBUG