this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

cue/scanner: reject leading-zero integers followed by range operator

The scanner failed to report "illegal integer number" for tokens like
00, 077, or 078 when followed by the range operator (...). The dot
lookahead for float detection jumped to the fraction label, which
detected the ".." range and exited without the leading-zero check.

Fix by checking for ".." before the float-continuation goto, so that
leading-zero integers are always rejected regardless of what follows.

Found via fuzzing.

Signed-off-by: Daniel Martí <mvdan@mvdan.cc>
Change-Id: I0bfe1200c2522ad0646242330b89103e8fa76f73
Reviewed-on: https://review.gerrithub.io/c/cue-lang/cue/+/1235296
Reviewed-by: Matthew Sackman <matthew@cue.works>
TryBot-Result: CUEcueckoo <cueckoo@cuelang.org>
Unity-Result: CUE porcuepine <cue.porcuepine@gmail.com>

+11
+7
cue/scanner/scanner.go
··· 291 291 seenDigits = true 292 292 s.scanMantissa(10) 293 293 } 294 + if p := s.offset + 1; s.ch == '.' && p < len(s.src) && s.src[p] == '.' { 295 + // The dot is part of a range (..), so this is an integer. 296 + if seenDigits { 297 + s.errf(offs, "illegal integer number") 298 + } 299 + goto exit 300 + } 294 301 if s.ch == '.' || s.ch == 'e' || s.ch == 'E' { 295 302 goto fraction 296 303 }
+4
cue/scanner/scanner_test.go
··· 784 784 {`#"\q"#`, token.STRING, 0, `#"\q"#`, ""}, 785 785 {`#"\#q"#`, token.STRING, 4, `#"\#q"#`, "unknown escape sequence"}, 786 786 {"0", token.INT, 0, "0", ""}, 787 + {"00", token.INT, 0, "00", "illegal integer number"}, 788 + {"00...", token.INT, 0, "00", "illegal integer number"}, 787 789 {"077", token.INT, 0, "077", "illegal integer number"}, 790 + {"077...", token.INT, 0, "077", "illegal integer number"}, 788 791 {"078.", token.FLOAT, 0, "078.", ""}, 789 792 {"07801234567.", token.FLOAT, 0, "07801234567.", ""}, 790 793 {"078e0", token.FLOAT, 0, "078e0", ""}, 791 794 {"078", token.INT, 0, "078", "illegal integer number"}, 795 + {"078...", token.INT, 0, "078", "illegal integer number"}, 792 796 {"07800000009", token.INT, 0, "07800000009", "illegal integer number"}, 793 797 {"0x", token.INT, 0, "0x", "illegal hexadecimal number"}, 794 798 {"0X", token.INT, 0, "0X", "illegal hexadecimal number"},