From 29bb003f95d81c2713da2ea4746e67e7589646bb Mon Sep 17 00:00:00 2001
From: mhoffm <mhoffm@posteo.de>
Date: Sun, 27 Jun 2021 22:27:21 +0200
Subject: [PATCH] fix bug when heredoc_identifier length exceeds CHAR_MAX

---
 CHANGELOG.md              |  1 +
 src/scanner.cc            |  5 +++++
 test/corpus/templates.txt | 20 ++++++++++++++++++++
 3 files changed, 26 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 976226e..2779170 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ fix:
 * allow empty template interpolations
 * allow empty templates
 * fix bug in serializer when the `context_stack.size()` exceeds `CHAR_MAX`
+* fix bug in serializer when the `heredoc_identifier.size()` exceeds `CHAR_MAX`
 
 quality:
 * add fuzzing
diff --git a/src/scanner.cc b/src/scanner.cc
index f2f4505..52c6840 100644
--- a/src/scanner.cc
+++ b/src/scanner.cc
@@ -6,6 +6,8 @@
 #include <wctype.h>
 #include <assert.h>
 
+#include <stdio.h>
+
 namespace {
 
 using std::vector;
@@ -49,6 +51,9 @@ public:
       if (size + 2 + it->heredoc_identifier.size() >= TREE_SITTER_SERIALIZATION_BUFFER_SIZE) {
         return 0;
       }
+      if (it->heredoc_identifier.size() > CHAR_MAX) {
+        return 0;
+      }
       buf[size++] = it->type;
       buf[size++] = it->heredoc_identifier.size();
       it->heredoc_identifier.copy(&buf[size], it->heredoc_identifier.size());
diff --git a/test/corpus/templates.txt b/test/corpus/templates.txt
index fc0ff12..16c0ca7 100644
--- a/test/corpus/templates.txt
+++ b/test/corpus/templates.txt
@@ -228,3 +228,23 @@ END
             (heredoc_identifier)
             (template_literal)
             (heredoc_identifier)))))))
+
+================================================================================
+heredoc with identifier that does not fit into the serialization buffer (should not crash)
+================================================================================
+
+foo = <<XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+--------------------------------------------------------------------------------
+
+(config_file
+  (body
+    (attribute
+      (identifier)
+      (expression
+        (template_expr
+          (heredoc_template
+            (heredoc_start)
+            (heredoc_identifier)
+            (heredoc_identifier)))))))