fixed bug #677841 by limiting the scanner to no more than 4095 characters for a single ID token

3 files changed, 9 insertions, 2 deletions

diff --git a/labels.c b/labels.c
index c793904a..74222f52 100644
--- a/labels.c
+++ b/labels.c
@@ -38,6 +38,9 @@
 #define BOGUS_VALUE -4
 
 #define PERMTS_SIZE  4096               /* size of text blocks */
+#if (PERMTS_SIZE > IDLEN_MAX)
+#error "IPERMTS_SIZE must be less than or equal to IDLEN_MAX" 
+#endif
 
 /* values for label.defn.is_global */
 #define DEFINED_BIT 1
diff --git a/nasm.h b/nasm.h
index 6ead7c28..3efb1e48 100644
--- a/nasm.h
+++ b/nasm.h
@@ -40,7 +40,7 @@
 #define POSTFIX_MAX 10
 #endif
 
-
+#define IDLEN_MAX 4096
 
 /*
  * Name pollution problems: <time.h> on Digital UNIX pulls in some
diff --git a/nasmlib.c b/nasmlib.c
index 7578ea7c..e63b573e 100644
--- a/nasmlib.c
+++ b/nasmlib.c
@@ -727,8 +727,12 @@ int stdscan (void *private_data, struct tokenval *tv)
 	}
 
  	r = stdscan_bufptr++;
+	/* read the entire buffer to advance the buffer pointer but... */
 	while (isidchar(*stdscan_bufptr)) stdscan_bufptr++;
-	tv->t_charptr = stdscan_copy(r, stdscan_bufptr - r);
+
+	/* ... copy only up to IDLEN_MAX-1 characters */
+	tv->t_charptr = stdscan_copy(r, stdscan_bufptr - r < IDLEN_MAX ? 
+		stdscan_bufptr - r : IDLEN_MAX - 1);
 
 	if (is_sym || stdscan_bufptr-r > MAX_KEYWORD)
 	    return tv->t_type = TOKEN_ID;/* bypass all other checks */