[ nedit-Bugs-1640304 ] buffer overflow while parsing 'define'

SourceForge.net noreply at sourceforge.net
Fri Jan 26 01:06:03 CET 2007


Bugs item #1640304, was opened at 2007-01-20 16:52
Message generated for change (Comment added) made by ajbj
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=111005&aid=1640304&group_id=11005

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Bert Wesarg (lebert)
Assigned to: Nobody/Anonymous (nobody)
Summary: buffer overflow while parsing 'define'

Initial Comment:
There is a buffer overflow when function names are longer than MAX_SYM_LEN (defined in interpret.h:36) in macro.c:readCheckMacroString(), line 865.
Besides this, this function doesn't check whether the function name starts only with a letter, but I don't know whether this rule applies to function names.

----------------------------------------------------------------------

Comment By: Tony Balinski (ajbj)
Date: 2007-01-26 01:06

Message:
Logged In: YES 
user_id=618141
Originator: NO

Checked in (added extra brace pair for clarity)

----------------------------------------------------------------------

Comment By: Tony Balinski (ajbj)
Date: 2007-01-26 00:19

Message:
Logged In: YES 
user_id=618141
Originator: NO

I intend to check this in. It's definitely an improvement on the existing
code.

----------------------------------------------------------------------

Comment By: Bert Wesarg (lebert)
Date: 2007-01-22 22:04

Message:
Logged In: YES 
user_id=122956
Originator: YES

Patch attached to prevent the buffer overflow and return an error message.
File Added: fix-buffer-overflow-in-macro_c.patch

----------------------------------------------------------------------
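
Added example, not part of the tracker thread and not the attached patch or NEdit's code: a minimal C sketch of the kind of check the report asks for, measuring a 'define' name before copying it into a MAX_SYM_LEN buffer and returning an error when it does not fit. The helper name read_symbol_name, the error strings and the value 100 for MAX_SYM_LEN are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SYM_LEN 100   /* assumed value; the page only names the constant */

/* Hypothetical helper: copy the identifier at *inPtr into name[MAX_SYM_LEN].
 * Returns 1 and advances *inPtr past the name on success; returns 0, leaves
 * *inPtr untouched and sets *errMsg when the name is empty or does not fit. */
static int read_symbol_name(const char **inPtr, char name[MAX_SYM_LEN],
                            const char **errMsg)
{
    const char *start = *inPtr, *end = start;

    /* Measure first: scan to the end of the identifier without writing. */
    while (isalnum((unsigned char)*end) || *end == '_')
        end++;

    size_t len = (size_t)(end - start);
    if (len == 0) {
        *errMsg = "missing function name";
        return 0;
    }
    /* Reserve one byte for the terminator: len must be < MAX_SYM_LEN. */
    if (len >= MAX_SYM_LEN) {
        *errMsg = "function name too long";
        return 0;
    }
    memcpy(name, start, len);
    name[len] = '\0';
    *inPtr = end;
    return 1;
}

int main(void)
{
    char name[MAX_SYM_LEN], longDef[3 * MAX_SYM_LEN];
    const char *err = NULL, *ok = "my_macro {\n}\n", *p = ok;

    /* Constructed input: a name of 2*MAX_SYM_LEN characters. */
    memset(longDef, 'a', 2 * MAX_SYM_LEN);
    strcpy(longDef + 2 * MAX_SYM_LEN, " {\n}\n");

    if (read_symbol_name(&p, name, &err))
        printf("accepted: %s\n", name);
    p = longDef;
    if (!read_symbol_name(&p, name, &err))
        printf("rejected: %s\n", err);
    return 0;
}
```
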
