Fix heap buffer overflow when dump irep

Currently, the size of writing in heap by write_irep_record() is bigger than The size that is calculated by get_irep_record_size. Therefore, irep is dumped over the size of allocating memory when we execute dump_irep().

Fix heap buffer overflow when dump irep
Currently, the size of writing in heap by write_irep_record() is bigger than The size that is calculated by get_irep_record_size. Therefore, irep is dumped over the size of allocating memory when we execute dump_irep().
df13d418 · Horimoto Yasuhiro · 6d07d9b3 · df13d418
Commit df13d418 authored Nov 29, 2020 by Horimoto Yasuhiro
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

src/dump.c src/dump.c +1 -0

No files found.
--- a/src/dump.c
+++ b/src/dump.c
@@ -293,6 +293,7 @@ get_irep_record_size_1(mrb_state *mrb, const mrb_irep *irep)
  size_t size = 0;

  size += get_irep_header_size(mrb);
+  size += sizeof(uint16_t);
  size += get_iseq_block_size(mrb, irep);
  size += get_catch_table_block_size(mrb, irep);
  size += get_pool_block_size(mrb, irep);