From 259af3cf06a9e75cc93903d6ff4d8cad89f94874 Mon Sep 17 00:00:00 2001 From: Adrien Destugues Date: Sun, 16 Jul 2017 19:40:50 +0200 Subject: [PATCH] Increase MAXSYM and add sanity checks. I had jam crash in strange ways because a stack-allocatted aray was overflowing. Double the limit, and add sanity checks with exit and clear error messages in case it happens again. --- jam/builtins.c | 28 ++++++++++++++++------------ jam/expand.c | 8 ++++++++ jam/headers.c | 4 ++++ jam/jam.h | 2 +- jam/variable.c | 4 ++++ 5 files changed, 33 insertions(+), 13 deletions(-) diff --git a/jam/builtins.c b/jam/builtins.c index a1b317c9d0..4a8a477053 100644 --- a/jam/builtins.c +++ b/jam/builtins.c @@ -276,19 +276,19 @@ builtin_match( LOL *args, int *jmp ) { - LIST *l, *r; - LIST *result = 0; + LIST *l, *r; + LIST *result = 0; - /* For each pattern */ + /* For each pattern */ - for( l = lol_get( args, 0 ); l; l = l->next ) - { - regexp *re = regcomp( l->string ); + for( l = lol_get( args, 0 ); l; l = l->next ) + { + regexp *re = regcomp( l->string ); - /* For each string to match against */ + /* For each string to match against */ - for( r = lol_get( args, 1 ); r; r = r->next ) - if( regexec( re, r->string ) ) + for( r = lol_get( args, 1 ); r; r = r->next ) + if( regexec( re, r->string ) ) { int i, top; @@ -305,14 +305,18 @@ builtin_match( { char buf[ MAXSYM ]; int l = re->endp[i] - re->startp[i]; + if (l > MAXSYM) { + printf("MAXSYM is too low! NEed at least %d\n", l); + exit(-1); + } memcpy( buf, re->startp[i], l ); buf[ l ] = 0; result = list_new( result, buf, 0 ); } } - free( (char *)re ); - } + free( (char *)re ); + } - return result; + return result; } diff --git a/jam/expand.c b/jam/expand.c index aca9137a30..faadf13f0f 100644 --- a/jam/expand.c +++ b/jam/expand.c 
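Review bot: The new guard in the second builtin_match hunk still lets `l == MAXSYM` through, and the following `buf[ l ] = 0` then writes one byte past `char buf[ MAXSYM ]`; the test should be `if (l >= MAXSYM) {`. The same `>` comparison appears in the headers1 hunk (before `buf2[ l ] = 0`) and in the var_expand and var_defines hunks, where the destination buffers are declared outside the hunk but are presumably MAXSYM-sized as well. The message has a typo (`NEed`) and is written to stdout; `fprintf(stderr, ...)` would keep the diagnostic visible when build output is piped. builtin_match's loop body continues outside this hunk.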
@@ -206,6 +206,10 @@ var_expand( /* Look for a : modifier in the variable name */ /* Must copy into varname so we can modify it */ + if (strlen(vars->string) > MAXSYM) { + printf("MAXSYM is too low! Need at least %d\n", l); + exit(-1); + } strcpy( varname, vars->string ); if( colon = strchr( varname, MAGIC_COLON ) ) @@ -274,6 +278,10 @@ var_expand( LIST *rem; char *out1; + if (out - out_buf > MAXSYM) { + printf("MAXSYM is too low!\n"); + exit(-1); + } /* Handle end subscript (length actually) */ if( sub2 >= 0 && --sub2 < 0 ) diff --git a/jam/headers.c b/jam/headers.c index 197d32e464..7f5ccb7ae9 100644 --- a/jam/headers.c +++ b/jam/headers.c @@ -129,6 +129,10 @@ headers1( char buf2[ MAXSYM ]; int l = re[i]->endp[1] - re[i]->startp[1]; + if (l > MAXSYM) { + printf("MAXSYM is too low! Need at least %d\n", l); + exit(-1); + } memcpy( buf2, re[i]->startp[1], l ); buf2[ l ] = 0; result = list_new( result, buf2, 0 ); diff --git a/jam/jam.h b/jam/jam.h index 6ce522a83e..da3db48e94 100644 --- a/jam/jam.h +++ b/jam/jam.h @@ -478,7 +478,7 @@ /* You probably don't need to muck with these. */ -# define MAXSYM 1024 /* longest symbol in the environment */ +# define MAXSYM 2048 /* longest symbol in the environment */ # define MAXJPATH 1024 /* longest filename */ # define MAXJOBS 64 /* silently enforce -j limit */ diff --git a/jam/variable.c b/jam/variable.c index 0a2d07c70e..97b7bb067c 100644 --- a/jam/variable.c +++ b/jam/variable.c @@ -117,6 +117,10 @@ var_defines( const char **e ) /* Get name */ + if (val - *e > MAXSYM) { + printf("MAXSYM is too low, need at least %d\n", val - *e); + exit(-1); + } strncpy( buf, *e, val - *e ); buf[ val - *e ] = '\0';
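Review bot: In the first var_expand hunk the message prints `l`, which is not the length that was just tested; nothing in the hunk assigns it from `strlen(vars->string)`, and if `l` is a pointer-typed variable declared outside the hunk, `%d` receives a pointer. Print the tested value instead: `printf("MAXSYM is too low! Need at least %d\n", (int)strlen(vars->string) + 1);`. The comparison also needs `>=`, because `strcpy` writes the terminating NUL in addition to the string bytes (this assumes `varname` is MAXSYM bytes; its declaration is not visible here).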
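Review bot: The check `out - out_buf > MAXSYM` in the second var_expand hunk only measures what is already in the buffer, so if it fires the out-of-bounds write has presumably already happened, and it does not bound whatever is appended at `out` after this point. To make it a real guard, compare `out - out_buf` plus the length of the text about to be appended against the buffer size before the copy. A short comment such as `/* out_buf holds MAXSYM bytes; stop before appending past it */` would record the intent. The declaration of `out_buf` and the append itself are outside the hunk, so confirm against the full function.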
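Review bot: `val - *e` in the var_defines hunk is a pointer difference (ptrdiff_t), so passing it to `%d` is a format mismatch on LP64 targets; cast it, `printf("MAXSYM is too low, need at least %d\n", (int)(val - *e));`. As in the other hunks the comparison should be `>=`, because `buf[ val - *e ] = '\0'` writes one element past the copied bytes (assuming `buf` is MAXSYM bytes; its declaration is outside the hunk).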