Fix buffer overflow in preproc.c (BR 1942146)

Fix buffer overflow in preproc.c due to an incorrect test.  In the
code:

        for (r = p, s = ourcopy; *r; r++) {
	    if (r >= p+MAX_KEYWORD)
	    	return tokval->t_type = TOKEN_ID; /* Not a keyword */
            *s++ = tolower(*r);
	    }
        *s = '\0';

... the test really needs to be >= since for the pass where there are
equal:

a) a nonzero byte means we have > MAX_KEYWORD characters, and
b) s = ourcopy+MAX_KEYWORD; but if the test doesn't trigger,
   we can write one more character *plus* the null byte, overflowing
   ourcopy.

diff --git a/preproc.c b/preproc.c
index 0560beb..8626cfe 100644 (file)
--- a/preproc.c
+++ b/preproc.c
@@ -1074,7 +1074,7 @@ static int ppscan(void *private_data, struct tokenval *tokval)
         }
 
         for (r = p, s = ourcopy; *r; r++) {
-           if (r > p+MAX_KEYWORD)
+           if (r >= p+MAX_KEYWORD)
                return tokval->t_type = TOKEN_ID; /* Not a keyword */
             *s++ = tolower(*r);
        }