There can be at most 255 techs in a tech file.
The reason being, an array of tech pointers with 256 elements is used to store each tech as it is processed. As each tech is processed, it allocates memory to hold the tech. But since it doesn't know when the end of a file is, it allocates one extra, and tries to parse the file and fill in the tech fields. When the end of file is detected, it deallocates the memory for that last tech. Hence, there is room for 255 real techs, and then a dummy entry that is filled in briefly while it tries to parse another one, only to find it's hit the end of the file.
To make things worse, the array is not bounds checked at all, and it resides on the stack. It's doubly bad since the array is an array of pointers, so by purposefully overflowing this array, you'll overwrite the return address on the stack with a pointer to the tech data. If you setup the tags just right in the tech file, you have control over what data is put where in that structure, so a keen assembly/machine code nut could potentially write a virus in a tech file. They would also have complete control over what goes into the first 28 bytes of that structure (provided there's no hidden error checking I don't know about). If that isn't enough space, they could always chain to code written into another tech structure, which would be easily accessible through the other pointers in the array, which are easily found off the stack. Such a virus would be activated when the tech file is loaded. I would also seriously doubt that any virus scanner would be able to pick up on this, since the only time a virus scanner could realiably scan the data, was while it's still in text format, before it gets parsed and assembled.
Or maybe by thinking all this, it just shows I have too much time on my hands. <_<
Come to think of it, I sort of feel a need to try this out now.
Parsing stops "gracefully" if a BEGIN_TECH token can't be found (because it's hit the end of the file, or other read error). Once the BEGIN_TECH token is found, any errors before the END_TECH is found generate a Parse Error and informs the user. The "graceful" stopping is one way in which garbage at the end of compressed streams from the .vol files can be ignored.