From: H.G. Muller
Date: Fri, 30 Aug 2013 15:33:59 +0000 (+0200)
Subject: Fix buffer overflow in parser
X-Git-Url: http://winboard.nl/cgi-bin?p=xboard.git;a=commitdiff_plain;h=475bba1329094bb261b1017251900883c31b0f5c

Fix buffer overflow in parser

When a line ended with a comment, the parser had to read a line ahead to check if there was a PGNresult following, without being able to throw away the previous line yet. This could lead to buffer overflow in a long game where every line ended in a comment. The buffer now is cleansed of already parsed data when starting on a new syntactical unit.
---
diff --git a/parser.c b/parser.c
index 6da13d4..8b1dc3f 100644
--- a/parser.c
+++ b/parser.c
@@ -174,6 +174,10 @@ NextUnit (char **p)
 if(fromString) return 0; // we are parsing string, so the end is really the end
 *p = inPtr = inputBuf;
 if(!ReadLine()) return 0; // EOF
+} else if(inPtr > inputBuf + PARSEBUFSIZE/2) { // buffer fills up with already parsed stuff
+char *q = *p, *r = inputBuf;
+while(*r++ = *q++);
+*p = inputBuf; inPtr = r - 1;
 }
 parseStart = oldp = *p; // remember where we begin
diff --git a/winboard/config.h b/winboard/config.h
index 7b64b56..bd928ca 100644
--- a/winboard/config.h
+++ b/winboard/config.h
@@ -55,7 +55,7 @@
 #define PACKAGE_VERSION "4.7.2"
 /* Define the Windows-specific FILE version info. this *MUST* be four comma separated 16-bit integers */
-#define PACKAGE_FILEVERSION 4,7,2013,0828
+#define PACKAGE_FILEVERSION 4,7,2013,828
 #define PTY_ITERATION
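Review bot: The compaction added in the new `else if` branch only guarantees that at most PARSEBUFSIZE/2 bytes of already-parsed text stay in inputBuf; whether that actually closes the overflow depends on ReadLine(), which is outside this hunk, bounding each append by the space left after inPtr (`inputBuf + PARSEBUFSIZE - inPtr`) rather than by a fixed length, because a single unit (e.g. one long comment) that spans more than half the buffer never returns to this code to be compacted. The copy loop `while(*r++ = *q++);` is correct only because the destination (inputBuf) starts at or before the source (*p presumably points into inputBuf); writing it as `size_t n = strlen(*p) + 1; memmove(inputBuf, *p, n); *p = inputBuf; inPtr = inputBuf + n - 1;` makes that intent explicit, keeps inPtr on the terminator exactly as `r - 1` does, and avoids the -Wparentheses warning on the assignment-as-condition. Any other pointer into inputBuf held across this call would refer to stale data after the move; only parseStart and oldp are visibly reassigned on the line that follows. NextUnit's body begins before and continues after this hunk.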