I consider how is solve problem with too long input for yacc and lex. I have got no possibility to control length of length of input and I am afraid of bufferflow attack, for example.
What do you think?
Asked
Active
Viewed 55 times
1 Answers
1
There is no reason for concern with the code generated by (f)lex or yacc/bison. They will either reallocate buffers and stacks or report an out-of-memory condition.
In general, the traditional configurations of lex and yacc are less willing to use extra memory, so pathological inputs may result in the parse failing with a memory error, but that is not a security issue.
Of course, that does not relieve you of the responsibility to ensure that all of your code is free of buffer overruns. Avoid fixed-length buffers; always check limits; and never assume that a malloc will not return 0.
rici
- 234,347
- 28
- 237
- 341