Skip to content

M
mruby
Commit ed56d56d authored by Yukihiro "Matz" Matsumoto's avatar Yukihiro "Matz" Matsumoto
Browse files
Options

avoid out-of-bounds access of irep->lv; ref #2671, fix #2675 

allocation size of irep->iv is irep->nlocals-1.
parent a19a6edb
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 7 deletions
mrbgems/mruby-eval/src/eval.c
View file @ ed56d56d
...@@ -55,18 +55,18 @@ search_variable(mrb_state *mrb, mrb_sym vsym, int bnest) ...@@ -55,18 +55,18 @@ search_variable(mrb_state *mrb, mrb_sym vsym, int bnest)
return 0; return 0;
} }
static int static mrb_bool
potential_upvar_p(struct mrb_locals *lv, uint16_t v, uint16_t nlocals) potential_upvar_p(struct mrb_locals *lv, uint16_t v, uint16_t nlocals)
{ {
int i; int i;
if (v >= nlocals) return FALSE;
/* skip arguments */ /* skip arguments */
for (i=0; i<nlocals; i++) { for (i=0; i<nlocals-1; i++) {
if (lv[i].name == 0) if (lv[i].name == 0)
break; return i < v;
} }
if (i == nlocals) return v < nlocals; return TRUE;
return i < v && v < nlocals;
} }
static void static void
...@@ -126,8 +126,6 @@ patch_irep(mrb_state *mrb, mrb_irep *irep, int bnest) ...@@ -126,8 +126,6 @@ patch_irep(mrb_state *mrb, mrb_irep *irep, int bnest)
} }
} }
void mrb_codedump_all(mrb_state *mrb, struct RProc *proc);
static struct RProc* static struct RProc*
create_proc_from_string(mrb_state *mrb, char *s, int len, mrb_value binding, char *file, mrb_int line) create_proc_from_string(mrb_state *mrb, char *s, int len, mrb_value binding, char *file, mrb_int line)
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment