From 98ef2773e01cb66bfa25c72f6cd84034f6eec22a Mon Sep 17 00:00:00 2001
From: Pierre Muller
Date: Mon, 20 Nov 2023 20:59:04 +0100
Subject: [PATCH] Improve token buffer size checks.
 * For settings comparison: call CompareByte only on copy_size.
 * For mesgnb: verify that there is enough memory space in rest of tokenbuf to hold the number of messages.
 + Add a check that tbi is not greater than tokenbufsize.
---
 compiler/utils/ppuutils/ppudump.pp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/compiler/utils/ppuutils/ppudump.pp b/compiler/utils/ppuutils/ppudump.pp
index 70fb302a1a..c5605b2800 100644
--- a/compiler/utils/ppuutils/ppudump.pp
+++ b/compiler/utils/ppuutils/ppudump.pp
@@ -2709,7 +2709,7 @@ begin
 stbi:=tbi;
 tokenreadsettings(new_settings, copy_size);
 tbi:=stbi+copy_size;
- if CompareByte(new_settings,prev_settings,sizeof(new_settings))<>0 then
+ if CompareByte(new_settings,prev_settings,copy_size)<>0 then
 begin
 dump_new_settings;
 writeln;
@@ -2725,6 +2725,10 @@ begin
 inc(tbi);
 mesgnb:=gettokenbufsizeint;;
 writeln([space,mesgnb,' messages: ']);
+ if (tbi+2*sizeof(longint)*mesgnb>tokenbufsize) then
+ begin
+ WriteError('!! Error: number of messages incompatible with token buffer size');
+ end;
 for nb:=1 to mesgnb do
 begin
 msgvalue:=gettokenbuflongint;
@@ -2774,7 +2778,12 @@ begin if tbitokenbufsize) then
+ begin
+ WriteError('!! Error: read past of token buffer size');
+ end
+ else
+ writeln;
 StrAppend(genstr,linestr);
 writeln(['##',genstr,'##']);
 end;
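Review bot: In the first hunk (`@@ -2709,7 +2709,7 @@`), `CompareByte(new_settings,prev_settings,copy_size)` and `tbi:=stbi+copy_size` both take `copy_size` as given, and nothing visible bounds it. `copy_size` is assigned outside this hunk; if it comes from the PPU token stream, a value larger than `sizeof(new_settings)` would make the comparison read past both records. A guard ahead of the call, for example `if copy_size>sizeof(new_settings) then WriteError('!! Error: settings size exceeds record size')`, with the comparison skipped in that case, would cover it. The enclosing block starts and ends outside the hunk.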
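Review bot: In the second hunk (`@@ -2725,6 +2725,10 @@`), the new check before `for nb:=1 to mesgnb do` only reports the problem. Unless `WriteError` terminates the program (not visible here), the loop still runs `mesgnb` times and `gettokenbuflongint` keeps consuming data the buffer does not hold. Depending on the integer types involved, `tbi+2*sizeof(longint)*mesgnb` can also wrap for a very large `mesgnb` taken from the file, so the test is safer as a division: `if (mesgnb<0) or (tbi>tokenbufsize) or (mesgnb>(tokenbufsize-tbi) div (2*sizeof(longint))) then`. After the `WriteError` call, leave the token loop, or at least set `mesgnb:=0;` so no message is read. The loop body continues outside the hunk, so the two-longints-per-message assumption behind the factor 2 could not be confirmed.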
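Review bot: In the third hunk (`@@ -2774,7 +2778,12 @@`), the `tbi>tokenbufsize` test runs only after the token has been decoded, so it reports an over-read that has already happened instead of preventing it. The reads that advance `tbi` are outside this hunk. If helpers such as `gettokenbuflongint` and `gettokenbufsizeint` do not compare `tbi` against `tokenbufsize` themselves, the bound belongs there, so malformed PPU data is rejected before `tokenbuf` is indexed. The message would also read better as `WriteError('!! Error: read past end of token buffer');`. The enclosing loop starts outside the hunk.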