From 3e80489c156cef05b7fdd12385a1b396259c056a Mon Sep 17 00:00:00 2001
From: mtb0x1 <39337159+mtb0x1@users.noreply.github.com>
Date: Tue, 18 Jun 2024 17:11:53 +0200
Subject: [PATCH] fix(#6671): fix possible stack buffer overflow in gen-s-parser.inc

---
 scripts/gen-s-parser.py | 6 ++++++
 src/gen-s-parser.inc | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/scripts/gen-s-parser.py b/scripts/gen-s-parser.py
index d75be7635fc..2aa158c59ec 100755
--- a/scripts/gen-s-parser.py
+++ b/scripts/gen-s-parser.py
@@ -708,6 +708,10 @@ def instruction_parser():
     printer.print_line("auto op = *keyword;")
     printer.print_line("char buf[{}] = {{}};".format(inst_length + 1))
+    printer.print_line("// Ensure we do not copy more than the buffer can hold")
+    printer.print_line("if (op.size() >= sizeof(buf)) {")
+    printer.print_line("  goto parse_error;")
+    printer.print_line("}")
     printer.print_line("memcpy(buf, op.data(), op.size());")
 
 def print_leaf(expr, inst):
@@ -754,9 +758,11 @@ def emit(node, idx=0):
 
 def print_header():
     print("// DO NOT EDIT! This file generated by scripts/gen-s-parser.py\n")
     print("// clang-format off\n")
+    print("// NOLINTBEGIN\n")
 
 def print_footer():
+    print("\n// NOLINTEND")
     print("\n// clang-format on")
 
diff --git a/src/gen-s-parser.inc b/src/gen-s-parser.inc
index 5cdb29d833d..03b346113e1 100644
--- a/src/gen-s-parser.inc
+++ b/src/gen-s-parser.inc
@@ -2,8 +2,14 @@
 // clang-format off
 
+// NOLINTBEGIN
+
 auto op = *keyword;
 char buf[33] = {};
+// Ensure we do not copy more than the buffer can hold
+if (op.size() >= sizeof(buf)) {
+  goto parse_error;
+}
 memcpy(buf, op.data(), op.size());
 switch (buf[0]) {
 case 'a': {
@@ -5151,4 +5157,6 @@ switch (buf[0]) {
 parse_error:
   return ctx.in.err(pos, "unrecognized instruction");
+// NOLINTEND
+
 // clang-format on
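Review bot: The guard emitted by the four added print_line calls in instruction_parser is correct only because buf is declared as inst_length + 1 bytes on the preceding line, so `op.size() >= sizeof(buf)` rejects anything that would overwrite the terminating zero left by the `= {}` initializer; that coupling is not stated in the generator, and I would add above the new lines `# buf is inst_length + 1 bytes so the NUL from '= {}' survives; '>=' keeps it.`. Routing an over-long keyword to parse_error is the right outcome, since no instruction of that length exists and the copy into the fixed stack buffer is what the title calls out. No regression test accompanies the change; a parser test feeding a mnemonic of 33 or more characters and expecting the "unrecognized instruction" error would pin the fix against future edits to the buffer sizing. The generated `goto parse_error` targets a label that sits after the switch, outside this hunk, and I cannot see from here whether any initialized declaration lies between the jump and the label, which C++ would reject; the existing build presumably confirms it does not.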