In case the erroneous token is unprintable, e.g. a control character, print its hex value instead. Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- checkpolicy/policy_scan.l | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index c4d8e937..d7cf2896 100644 --- a/checkpolicy/policy_scan.l +++ b/checkpolicy/policy_scan.l @@ -320,6 +320,16 @@ GLBLUB { return(GLBLUB); } int yyerror(const char *msg) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + const char *token; + char buf[8]; + + if (isprint((unsigned char)yytext[0])) { + token = yytext; + } else { + snprintf(buf, sizeof(buf), "%#x", yytext[0]); + token = buf; + } + if (source_file[0]) fprintf(stderr, "%s:%lu:", source_file, source_lineno); @@ -327,7 +337,7 @@ int yyerror(const char *msg) fprintf(stderr, "(unknown source)::"); fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n", msg, - yytext, + token, policydb_lineno, linebuf[0], linebuf[1]); #else -- 2.43.0