Check iseq buffer size before code emission; fix #4090

The type of `s->pc` is now `uint16_t` that can be overflowed easily. Need more checks.

Check iseq buffer size before code emission; fix #4090
The type of `s->pc` is now `uint16_t` that can be overflowed easily. Need more checks.
bc88fc6e · Yukihiro "Matz" Matsumoto · 814b7b5e · bc88fc6e
Commit bc88fc6e authored Aug 29, 2018 by Yukihiro "Matz" Matsumoto
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 6 deletions

mrbgems/mruby-compiler/core/codegen.c mrbgems/mruby-compiler/core/codegen.c +5 -6

No files found.
--- a/mrbgems/mruby-compiler/core/codegen.c
+++ b/mrbgems/mruby-compiler/core/codegen.c
@@ -151,11 +151,11 @@ new_label(codegen_scope *s)
 static void
 emit_B(codegen_scope *s, uint32_t pc, uint8_t i)
 {
+  if (pc >= MAXARG_S || s->icapa >= MAXARG_S) {
+    codegen_error(s, "too big code block");
+  }
  if (pc >= s->icapa) {
    s->icapa *= 2;
-    if (pc >= MAXARG_S) {
-      codegen_error(s, "too big code block");
-    }
    if (s->icapa > MAXARG_S) {
      s->icapa = MAXARG_S;
    }
@@ -184,7 +184,8 @@ emit_S(codegen_scope *s, int pc, uint16_t i)
 static void
 gen_B(codegen_scope *s, uint8_t i)
 {
-  emit_B(s, s->pc++, i);
+  emit_B(s, s->pc, i);
+  s->pc++;
 }

 static void
@@ -248,7 +249,6 @@ genop_2(codegen_scope *s, mrb_code i, uint16_t a, uint16_t b)
 static void
 genop_3(codegen_scope *s, mrb_code i, uint16_t a, uint16_t b, uint8_t c)
 {
-  s->lastpc = s->pc;
  genop_2(s, i, a, b);
  gen_B(s, c);
 }
@@ -256,7 +256,6 @@ genop_3(codegen_scope *s, mrb_code i, uint16_t a, uint16_t b, uint8_t c)
 static void
 genop_2S(codegen_scope *s, mrb_code i, uint16_t a, uint16_t b)
 {
-  s->lastpc = s->pc;
  genop_1(s, i, a);
  gen_S(s, b);
 }