Add bounds checks when assembling tokens

jserv · jserv · commit 3e4189ae8d9d · 2025-08-13T04:51:27.000+08:00
This commit prevents token_str overflow by checking bounds when building
preprocessor directives, identifiers, and numeric literals.
diff --git a/src/lexer.c b/src/lexer.c
@@ -277,6 +277,8 @@ token_t lex_token_internal(bool aliasing)
         int i = 0;
 
         do {
+            if (i >= MAX_TOKEN_LEN - 1)
+                error("Token too long");
             token_str[i++] = next_char;
         } while (is_alnum(read_char(false)));
         token_str[i] = 0;
@@ -328,30 +330,40 @@ token_t lex_token_internal(bool aliasing)
 
     if (is_digit(next_char)) {
         int i = 0;
+        if (i >= MAX_TOKEN_LEN - 1)
+            error("Token too long");
         token_str[i++] = next_char;
         read_char(false);
 
         if (token_str[0] == '0' && ((next_char | 32) == 'x')) {
             /* Hexadecimal: starts with 0x or 0X */
+            if (i >= MAX_TOKEN_LEN - 1)
+                error("Token too long");
             token_str[i++] = next_char;
 
             read_char(false);
             if (!is_hex(next_char))
                 error("Invalid hex literal: expected hex digit after 0x");
 
             do {
+                if (i >= MAX_TOKEN_LEN - 1)
+                    error("Token too long");
                 token_str[i++] = next_char;
             } while (is_hex(read_char(false)));
 
         } else if (token_str[0] == '0' && ((next_char | 32) == 'b')) {
             /* Binary: starts with 0b or 0B */
+            if (i >= MAX_TOKEN_LEN - 1)
+                error("Token too long");
             token_str[i++] = next_char;
 
             read_char(false);
             if (next_char != '0' && next_char != '1')
                 error("Invalid binary literal: expected 0 or 1 after 0b");
 
             do {
+                if (i >= MAX_TOKEN_LEN - 1)
+                    error("Token too long");
                 token_str[i++] = next_char;
                 read_char(false);
             } while (next_char == '0' || next_char == '1');
@@ -361,13 +373,17 @@ token_t lex_token_internal(bool aliasing)
             while (is_digit(next_char)) {
                 if (next_char >= '8')
                     error("Invalid octal digit: must be in range 0-7");
+                if (i >= MAX_TOKEN_LEN - 1)
+                    error("Token too long");
                 token_str[i++] = next_char;
                 read_char(false);
             }
 
         } else {
             /* Decimal */
             while (is_digit(next_char)) {
+                if (i >= MAX_TOKEN_LEN - 1)
+                    error("Token too long");
                 token_str[i++] = next_char;
                 read_char(false);
             }
@@ -744,6 +760,8 @@ token_t lex_token_internal(bool aliasing)
         char *alias;
         int i = 0;
         do {
+            if (i >= MAX_TOKEN_LEN - 1)
+                error("Token too long");
             token_str[i++] = next_char;
         } while (is_alnum(read_char(false)));
         token_str[i] = 0;
