Avoid out-of-bound access of VM stack in OP_SENDB; fix #3692

parent b9f771dc
...@@ -1245,6 +1245,7 @@ RETRY_TRY_BLOCK: ...@@ -1245,6 +1245,7 @@ RETRY_TRY_BLOCK:
mrb_value recv, result; mrb_value recv, result;
mrb_sym mid = syms[GETARG_B(i)]; mrb_sym mid = syms[GETARG_B(i)];
int bidx; int bidx;
mrb_value blk;
recv = regs[a]; recv = regs[a];
if (n == CALL_MAXARGS) { if (n == CALL_MAXARGS) {
...@@ -1259,6 +1260,7 @@ RETRY_TRY_BLOCK: ...@@ -1259,6 +1260,7 @@ RETRY_TRY_BLOCK:
mrb->c->ci->nregs = bidx+1; mrb->c->ci->nregs = bidx+1;
} }
SET_NIL_VALUE(regs[bidx]); SET_NIL_VALUE(regs[bidx]);
SET_NIL_VALUE(blk);
} }
else { else {
mrb_value blk = regs[bidx]; mrb_value blk = regs[bidx];
...@@ -1268,7 +1270,7 @@ RETRY_TRY_BLOCK: ...@@ -1268,7 +1270,7 @@ RETRY_TRY_BLOCK:
mrb->c->ci->nregs = bidx+1; mrb->c->ci->nregs = bidx+1;
} }
result = mrb_convert_type(mrb, blk, MRB_TT_PROC, "Proc", "to_proc"); result = mrb_convert_type(mrb, blk, MRB_TT_PROC, "Proc", "to_proc");
regs[bidx] = result; blk = regs[bidx] = result;
} }
} }
c = mrb_class(mrb, recv); c = mrb_class(mrb, recv);
...@@ -1331,9 +1333,6 @@ RETRY_TRY_BLOCK: ...@@ -1331,9 +1333,6 @@ RETRY_TRY_BLOCK:
if (mrb->exc) goto L_RAISE; if (mrb->exc) goto L_RAISE;
ci = mrb->c->ci; ci = mrb->c->ci;
if (GET_OPCODE(i) == OP_SENDB) { if (GET_OPCODE(i) == OP_SENDB) {
mrb_value blk;
blk = ci->stackent[bidx];
if (mrb_type(blk) == MRB_TT_PROC) { if (mrb_type(blk) == MRB_TT_PROC) {
struct RProc *p = mrb_proc_ptr(blk); struct RProc *p = mrb_proc_ptr(blk);
......
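Review bot: In the OP_SENDB `else` branch, the unchanged line `mrb_value blk = regs[bidx];` still declares a block-local `blk`, which shadows the function-level `mrb_value blk;` this commit adds. As a result `blk = regs[bidx] = result;` updates only the inner variable. Unless a line outside the visible hunks assigns the outer one, the `mrb_type(blk)` check in the last hunk reads an uninitialized `mrb_value` whenever the opcode is OP_SENDB, so the out-of-bounds stack read is replaced by an indeterminate one. Dropping the type from the inner declaration, `blk = regs[bidx];`, makes both branches initialise the same variable, and building with `-Wshadow` would catch a recurrence. The enclosing opcode case starts and ends outside the hunks shown.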