[BUG] Array out-of-bounds read in token_is_col_id() - liboracle_parser.c

## Description
  Array out-of-bounds access in `token_is_col_id()` function when token is not found in keyword list.

  ## Location
  - **File:** `src/backend/oracle_parser/liboracle_parser.c`
  - **Lines:** 316-317

  ## Problem
  ```c
  for (i = 0; i < OraScanKeywords.num_keywords; i++)
  {
      if (OraScanKeywordTokens[i] == token)
          break;
  }

  // BUG: If token not found, i == OraScanKeywords.num_keywords (out of bounds!)
  if (OraScanKeywordCategories[i] == UNRESERVED_KEYWORD ||
      OraScanKeywordCategories[i] == COL_NAME_KEYWORD)
      return true;
```
  If the token is not found in the loop, i will equal OraScanKeywords.num_keywords, which is beyond the valid bounds of OraScanKeywordCategories[].

  Impact

  - Buffer over-read
  - Potential crash or information disclosure

  Suggested Fix
```c
  if (i < OraScanKeywords.num_keywords &&
      (OraScanKeywordCategories[i] == UNRESERVED_KEYWORD ||
       OraScanKeywordCategories[i] == COL_NAME_KEYWORD))
      return true;
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] Array out-of-bounds read in token_is_col_id() - liboracle_parser.c #1159

Description

Location

Problem

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[BUG] Array out-of-bounds read in token_is_col_id() - liboracle_parser.c #1159

Description

Description

Location

Problem

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions