Harden string processing during parsing in lexer.l, config_gram.y and otherwise

- Replace strdup(s) with cfg_strdup(funname, s) that exits on out of mem - Replace malloc(n) with cfg_malloc(funname, n) that exits on out of mem - Change multiline string scanning in lexer.l to avoid core dump - Remove global variables string_buf and string_bug_ptr - Ensure reading strings unescapes strings C-Style - Ensure writing strings escapes strings C-Style again Commit looks longer than needed as unescape() and auxiliary functions needed to be moved from term.c (not in libavrdude) to config.c (in libavrdude).
2025-10-09 04:01:01 +00:00 · 2022-08-09 21:20:44 +01:00
parent 8a717987ec
commit 22c4dbf23e
14 changed files with 355 additions and 402 deletions
--- a/src/pindefs.c
+++ b/src/pindefs.c
@@ -350,7 +350,7 @@ const char * pins_to_str(const struct pindef_t * const pindef) {
 * This function returns a string of defined pins, eg, ~1, 2, ~4, ~5, 7 or ""
 *
 * @param[in] pindef the pin definition for which we want the string representation
- * @returns a pointer to a string, which was created by strdup (NULL if out of memory)
+ * @returns a pointer to a string, which was created by strdup
 */
 char *pins_to_strdup(const struct pindef_t * const pindef) {
  char buf[6*(PIN_MAX+1)], *p = buf;
@@ -365,7 +365,7 @@ char *pins_to_strdup(const struct pindef_t * const pindef) {
    }
  }

-  return strdup(buf);
+  return cfg_strdup("pins_to_strdup()", buf);
 }

 /**