From 7a7d162a494e3ccf15f58f1d710dcf645cfa02b1 Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Thu, 15 Sep 2016 15:20:26 -0700
Subject: Don't pick up junk from an unset error-number variable.

Keep the actual error code and pointer-to-error-string in the scanner
state, rather than pointers to the variables passed in to us.
Initialize them to 0 and NULL, respectively.

That way, when the actual scanner routine returns, we don't check for an
error by looking at the error variable pointed to by our argument, which
might not have been set by the scanner and might have stack junk in it,
we look at a structure member we set to 0 before the scan.

Bug: 12903
Change-Id: I5a382da569a226e60c3c2a47f3a1515b0490c31d
Reviewed-on: https://code.wireshark.org/review/17716
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
 wiretap/k12text.l | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

(limited to 'wiretap/k12text.l')

diff --git a/wiretap/k12text.l b/wiretap/k12text.l
index 4cdea9c951..d9b022ab88 100644
--- a/wiretap/k12text.l
+++ b/wiretap/k12text.l
@@ -115,8 +115,8 @@
  */
 typedef struct {
 	FILE_T fh;
-	int *err;
-	gchar **err_info;
+	int err;
+	gchar *err_info;
 	int start_state;
 
 	guint g_h;
@@ -153,10 +153,10 @@ typedef struct {
 	k12text_state_t *scanner_state = k12text_get_extra(yyscanner); \
 	int c = file_getc(scanner_state->fh); \
 	if (c == EOF) { \
-		*(scanner_state->err) = file_error(scanner_state->fh, \
-		    scanner_state->err_info); \
-		if (*(scanner_state->err) == 0) \
-			*(scanner_state->err) = WTAP_ERR_SHORT_READ; \
+		scanner_state->err = file_error(scanner_state->fh, \
+		    &scanner_state->err_info); \
+		if (scanner_state->err == 0) \
+			scanner_state->err = WTAP_ERR_SHORT_READ; \
 		result = YY_NULL; \
 	} else { \
 		buf[0] = c; \
@@ -305,8 +305,8 @@ k12text_run_scanner(k12text_state_t *state, FILE_T fh, int start_state,
 		return FALSE;
 	}
 	state->fh = fh;
-	state->err = err;
-	state->err_info = err_info;
+	state->err = 0;
+	state->err_info = NULL;
 	state->start_state = start_state;
 
 	state->g_encap = WTAP_ENCAP_UNKNOWN;
@@ -328,8 +328,10 @@ k12text_run_scanner(k12text_state_t *state, FILE_T fh, int start_state,
 
 	yylex(scanner);
 	yylex_destroy(scanner);
-	if (*err != 0 && *err != WTAP_ERR_SHORT_READ) {
+	if (state->err != 0 && state->err != WTAP_ERR_SHORT_READ) {
 		/* I/O error. */
+		*err = state->err;
+		*err_info = state->err_info;
 		return FALSE;
 	}
 	return TRUE;
-- 
cgit v1.2.1