From 4a5255916e8d0066aff94ff47c4886754cd118ae Mon Sep 17 00:00:00 2001
From: rmoore1
Date: Wed, 28 Jun 2006 16:14:37 +0000
Subject: [PATCH] Fix for buffer overflow on long ASL string literals. BZ 436
---
 source/compiler/aslcompiler.l | 42 +++++++++++++++++++++++++++--------
 source/compiler/aslglobal.h | 5 +++--
 source/compiler/asltypes.h | 8 ++++---
 3 files changed, 41 insertions(+), 14 deletions(-)
diff --git a/source/compiler/aslcompiler.l b/source/compiler/aslcompiler.l
index 21075e1f4..ce8359921 100644
--- a/source/compiler/aslcompiler.l
+++ b/source/compiler/aslcompiler.l
@@ -3,7 +3,7 @@
 /******************************************************************************
 *
 * Module Name: aslcompiler.l - Flex input file
- * $Revision: 1.77 $
+ * $Revision: 1.78 $
 *
 *****************************************************************************/
@@ -926,7 +926,8 @@ comment2 (void)
 char
 literal (void)
 {
- char *s = MsgBuffer;
+ char *StringBuffer = MsgBuffer;
+ char *EndBuffer = MsgBuffer + ASL_MSG_BUFFER_SIZE;
 char *CleanString;
 char StringChar;
 UINT32 State = ASL_NORMAL_CHAR;
@@ -1061,8 +1062,12 @@ DoCharacter:
 }
 else
 {
- *s = (char) Digit;
- s++;
+ *StringBuffer = (char) Digit;
+ StringBuffer++;
+ if (StringBuffer >= EndBuffer)
+ {
+ goto BufferOverflow;
+ }
 }
 State = ASL_NORMAL_CHAR;
@@ -1102,8 +1107,12 @@ DoCharacter:
 }
 else
 {
- *s = (char) Digit;
- s++;
+ *StringBuffer = (char) Digit;
+ StringBuffer++;
+ if (StringBuffer >= EndBuffer)
+ {
+ goto BufferOverflow;
+ }
 }
 State = ASL_NORMAL_CHAR;
@@ -1120,8 +1129,12 @@ DoCharacter:
 /* Save the finished character */
- *s = StringChar;
- s++;
+ *StringBuffer = StringChar;
+ StringBuffer++;
+ if (StringBuffer >= EndBuffer)
+ {
+ goto BufferOverflow;
+ }
 }
 /*
@@ -1138,7 +1151,7 @@ CompletedString:
 /*
 * Null terminate the input string and copy string to a new buffer
 */
- *s = 0;
+ *StringBuffer = 0;
 CleanString = UtGetStringBuffer (strlen (MsgBuffer) + 1);
 if (!CleanString)
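Review bot: `EndBuffer = MsgBuffer + ASL_MSG_BUFFER_SIZE` in the declarations of literal() is a correct bound only if `MsgBuffer` is defined with exactly `ASL_MSG_BUFFER_SIZE` bytes, and that definition is not part of this diff, so it is worth confirming. The checks added further down store a character first and test afterwards, which leaves the final byte free for the `*StringBuffer = 0` terminator in the CompletedString hunk, but nothing in the code says so. I would add a comment at the declaration such as `/* EndBuffer is one past MsgBuffer; the last byte is kept for the null terminator */`. literal() continues beyond this hunk, so any other store through the pointer that the diff does not show needs the same check.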
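Review bot: The same store, increment and `if (StringBuffer >= EndBuffer)` test is pasted at three sites (the hunk at -1061 and the ones at -1102 and -1120), so a store added later can silently miss the bound. One small helper or macro that performs the bounded store, and is the only way to write through `StringBuffer`, would keep the overflow check in a single place. It can test before storing, e.g. `if (StringBuffer >= EndBuffer - 1) goto BufferOverflow;`, which accepts the same maximum length and makes the reserved terminator byte explicit. The surrounding state machine lies outside these hunks.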
@@ -1153,6 +1166,17 @@ CompletedString:
 ACPI_STRCPY (CleanString, MsgBuffer);
 AslCompilerlval.s = CleanString;
 return (TRUE);
+
+
+BufferOverflow:
+
+ /* Literal was too long */
+
+ AslCommonError (ASL_ERROR, ASL_MSG_STRING_LENGTH,
+ Gbl_CurrentLineNumber, Gbl_LogicalLineNumber,
+ Gbl_CurrentLineOffset, Gbl_CurrentColumn,
+ Gbl_Files[ASL_FILE_INPUT].Filename, "Max length 4096");
+ return (FALSE);
 }
diff --git a/source/compiler/aslglobal.h b/source/compiler/aslglobal.h
index 7217f6596..d31fc541f 100644
--- a/source/compiler/aslglobal.h
+++ b/source/compiler/aslglobal.h
@@ -3,7 +3,7 @@
 /******************************************************************************
 *
 * Module Name: aslglobal.h - Global variable definitions
- * $Revision: 1.54 $
+ * $Revision: 1.55 $
 *
 *****************************************************************************/
@@ -147,7 +147,7 @@ extern char *AslCompilertext;
 extern char hex[];
 #define ASL_LINE_BUFFER_SIZE 512
-#define ASL_MSG_BUFFER_SIZE (ASL_LINE_BUFFER_SIZE * 2)
+#define ASL_MSG_BUFFER_SIZE 4096
 #define HEX_TABLE_LINE_SIZE 8
 #define HEX_LISTING_LINE_SIZE 16
@@ -206,6 +206,7 @@ ASL_EXTERN BOOLEAN ASL_INIT_GLOBAL (Gbl_HexOutputFlag, HEX_OUTP
 ASL_EXTERN ASL_FILE_INFO Gbl_Files [ASL_NUM_FILES];
 ASL_EXTERN char *Gbl_DirectoryPath;
+ASL_EXTERN char ASL_INIT_GLOBAL (*Gbl_ExternalFilename, NULL);
 ASL_EXTERN char ASL_INIT_GLOBAL (*Gbl_IncludeFilename, NULL);
 ASL_EXTERN char ASL_INIT_GLOBAL (*Gbl_OutputFilenamePrefix, NULL);
 ASL_EXTERN char *Gbl_CurrentInputFilename;
diff --git a/source/compiler/asltypes.h b/source/compiler/asltypes.h
index 9ad44b35b..44f68c8f4 100644
--- a/source/compiler/asltypes.h
+++ b/source/compiler/asltypes.h
@@ -2,7 +2,7 @@
 /******************************************************************************
 *
 * Module Name: asltypes.h - compiler data types and struct definitions
- * $Revision: 1.87 $
+ * $Revision: 1.88 $
 *
 *****************************************************************************/
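Review bot: The message passed to AslCommonError in the BufferOverflow block hard-codes `"Max length 4096"`, which duplicates `ASL_MSG_BUFFER_SIZE` and will go stale if the macro changes. It is also off by one, because with the checks added in the earlier hunks a literal can hold at most `ASL_MSG_BUFFER_SIZE - 1` characters plus the terminator. Deriving the text from the macro, or at least wording it as `"Max length 4095"`, would keep the diagnostic truthful. The block also returns `FALSE` without reading to the closing quote, so the rest of the over-long literal is presumably handed back to the scanner as ordinary input; whether callers of literal() cope with that is not visible here. Consider discarding input up to the end of the string before returning.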
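Review bot: `ASL_MSG_BUFFER_SIZE` now also sets the longest ASL string literal the compiler accepts, which neither its name nor the neighbouring defines convey. A comment on the define, for example `/* Also bounds string literals in literal(): ASL_MSG_BUFFER_SIZE - 1 chars plus null */`, would stop someone shrinking it as a mere message-buffer tweak. The value is no longer derived from `ASL_LINE_BUFFER_SIZE`, so any code that assumed the old two-to-one relation between the two buffers should be checked; none is visible in this diff.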
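Review bot: `Gbl_ExternalFilename` is added in the hunk at -206, but nothing else in this patch reads or writes it, and the commit message describes only the string-literal overflow fix. Mixing an unrelated global into a security fix makes the change harder to audit and to backport on its own. I would move this line to the commit that first uses it.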
@@ -421,7 +421,8 @@ typedef enum
 ASL_MSG_TIMEOUT,
 ASL_MSG_RESULT_NOT_USED,
 ASL_MSG_NOT_REFERENCED,
- ASL_MSG_NON_ZERO
+ ASL_MSG_NON_ZERO,
+ ASL_MSG_STRING_LENGTH
 } ASL_MESSAGE_IDS;
@@ -534,7 +535,8 @@ char *AslMessages [] = {
 /* ASL_MSG_TIMEOUT */ "Possible operator timeout is ignored",
 /* ASL_MSG_RESULT_NOT_USED */ "Result is not used, operator has no effect",
 /* ASL_MSG_NOT_REFERENCED */ "Namespace object is not referenced",
-/* ASL_MSG_NON_ZERO */ "Operand evaluates to zero"
+/* ASL_MSG_NON_ZERO */ "Operand evaluates to zero",
+/* ASL_MSG_STRING_LENGTH */ "String literal too long"
 };
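Review bot: `ASL_MSG_STRING_LENGTH` and its text are appended by hand to two parallel lists, the `ASL_MESSAGE_IDS` enum here and the `AslMessages []` table in the next hunk, and nothing visible checks that they stay the same length. If the table is indexed by message id, as the `/* ASL_MSG_... */` comments suggest, a missing entry becomes an out-of-bounds read when the error is reported. A count enumerator at the end of the enum plus a compile-time or start-up size check on the table would catch that. Both definitions begin outside the hunks.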