From e09ebf475c0056ab37a58d6242e79c230e88b1c4 Mon Sep 17 00:00:00 2001 From: Clifford Wolf Date: Tue, 31 Dec 2013 21:58:35 +0100 Subject: [PATCH] Fixed use of limited length buffer in ABC blif parser --- passes/abc/blifparse.cc | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/passes/abc/blifparse.cc b/passes/abc/blifparse.cc index a630405c6..2d46d1a8e 100644 --- a/passes/abc/blifparse.cc +++ b/passes/abc/blifparse.cc @@ -22,22 +22,28 @@ #include #include -static bool read_next_line(char *buffer, int &line_count, FILE *f) +static bool read_next_line(char *&buffer, size_t &buffer_size, int &line_count, FILE *f) { + int buffer_len = 0; buffer[0] = 0; while (1) { - int buffer_len = strlen(buffer); + buffer_len += strlen(buffer + buffer_len); while (buffer_len > 0 && (buffer[buffer_len-1] == ' ' || buffer[buffer_len-1] == '\t' || buffer[buffer_len-1] == '\r' || buffer[buffer_len-1] == '\n')) buffer[--buffer_len] = 0; + if (buffer_size-buffer_len < 4096) { + buffer_size *= 2; + buffer = (char*)realloc(buffer, buffer_size); + } + if (buffer_len == 0 || buffer[buffer_len-1] == '\\') { if (buffer[buffer_len-1] == '\\') buffer[--buffer_len] = 0; line_count++; - if (fgets(buffer+buffer_len, 4096-buffer_len, f) == NULL) + if (fgets(buffer+buffer_len, buffer_size-buffer_len, f) == NULL) return false; } else return true; @@ -56,12 +62,13 @@ RTLIL::Design *abc_parse_blif(FILE *f, std::string dff_name) module->name = "\\netlist"; design->modules[module->name] = module; - char buffer[4096]; + size_t buffer_size = 4096; + char *buffer = (char*)malloc(buffer_size); int line_count = 0; while (1) { - if (!read_next_line(buffer, line_count, f)) + if (!read_next_line(buffer, buffer_size, line_count, f)) goto error; continue_without_read: @@ -83,8 +90,10 @@ RTLIL::Design *abc_parse_blif(FILE *f, std::string dff_name) if (!strcmp(cmd, ".model")) continue; - if (!strcmp(cmd, ".end")) + if (!strcmp(cmd, ".end")) { + free(buffer); return design; + } if (!strcmp(cmd, ".inputs") || !strcmp(cmd, ".outputs")) { char *p; @@ -174,7 +183,7 @@ RTLIL::Design *abc_parse_blif(FILE *f, std::string dff_name) if (input_sig.width == 0) { RTLIL::State state = RTLIL::State::Sa; while (1) { - if (!read_next_line(buffer, line_count, f)) + if (!read_next_line(buffer, buffer_size, line_count, f)) goto error; for (int i = 0; buffer[i]; i++) { if (buffer[i] == ' ' || buffer[i] == '\t') -- 2.30.2