ivuorinen/tree-sitter-shellspec
1
0
Fork 0
mirror of https://github.com/ivuorinen/tree-sitter-shellspec.git synced 2026-02-03 00:47:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(scanner): address memory safety and correctness issues in C code

Browse Source 
- Add len==0 check in set_contains() to prevent buffer overflow
- Add missing stdlib.h include in scanner.c
- Clear heredoc stack properly in deserialize when length==0
- Ensure NUL termination in delimiter deserialization
- Create alloc.c to define ts_current_* symbols for TREE_SITTER_REUSE_ALLOCATOR

All changes tested with full test suite: 61/61 tests passing.

Addresses PR #1 review comments from CodeRabbit.
This commit is contained in:
Ismo Vuorinen
2025-11-25 23:27:12 +02:00
parent 4344567555
commit dc672f8485
3 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/scanner.c
View File

@@ -3,6 +3,7 @@
#include <assert.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <wctype.h>
@@ -124,6 +125,13 @@ static unsigned serialize(Scanner *scanner, char *buffer) {
static void deserialize(Scanner *scanner, const char *buffer, unsigned length) {
if (length == 0) {
// Fully clear heredocs to avoid stale stack entries after reset
for (uint32_t i = 0; i < scanner->heredocs.size; i++) {
Heredoc *h = array_get(&scanner->heredocs, i);
array_delete(&h->current_leading_word);
array_delete(&h->delimiter);
}
array_clear(&scanner->heredocs);
reset(scanner);
} else {
uint32_t size = 0;
@@ -147,12 +155,18 @@ static void deserialize(Scanner *scanner, const char *buffer, unsigned length) {
memcpy(&heredoc->delimiter.size, &buffer[size], sizeof(uint32_t));
size += sizeof(uint32_t);
array_reserve(&heredoc->delimiter, heredoc->delimiter.size);
array_reserve(&heredoc->delimiter, heredoc->delimiter.size > 0 ? heredoc->delimiter.size : 1);
if (heredoc->delimiter.size > 0) {
memcpy(heredoc->delimiter.contents, &buffer[size],
heredoc->delimiter.size);
size += heredoc->delimiter.size;
// Ensure NUL termination for safety
if (heredoc->delimiter.contents[heredoc->delimiter.size - 1] != '\0') {
array_reserve(&heredoc->delimiter, heredoc->delimiter.size + 1);
heredoc->delimiter.contents[heredoc->delimiter.size] = '\0';
heredoc->delimiter.size++;
}
}
}
assert(size == length);