diff options
| author | Yukihiro "Matz" Matsumoto <[email protected]> | 2014-12-17 11:14:14 +0900 |
|---|---|---|
| committer | Yukihiro "Matz" Matsumoto <[email protected]> | 2014-12-17 11:14:14 +0900 |
| commit | ed56d56dabe79bdec59a177e296cea3c77766438 (patch) | |
| tree | 7c2583aa0642da34a1534e222c5eac09b9cefc4d | |
| parent | a19a6edb7c464af9dd4303659ceabe2672882a6b (diff) | |
| download | mruby-ed56d56dabe79bdec59a177e296cea3c77766438.tar.gz mruby-ed56d56dabe79bdec59a177e296cea3c77766438.zip | |
avoid out-of-bounds access of irep->lv; ref #2671, fix #2675
allocation size of irep->iv is irep->nlocals-1.
| -rw-r--r-- | mrbgems/mruby-eval/src/eval.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/mrbgems/mruby-eval/src/eval.c b/mrbgems/mruby-eval/src/eval.c index 57c214c5f..3165c3898 100644 --- a/mrbgems/mruby-eval/src/eval.c +++ b/mrbgems/mruby-eval/src/eval.c @@ -55,18 +55,18 @@ search_variable(mrb_state *mrb, mrb_sym vsym, int bnest) return 0; } -static int +static mrb_bool potential_upvar_p(struct mrb_locals *lv, uint16_t v, uint16_t nlocals) { int i; + if (v >= nlocals) return FALSE; /* skip arguments */ - for (i=0; i<nlocals; i++) { + for (i=0; i<nlocals-1; i++) { if (lv[i].name == 0) - break; + return i < v; } - if (i == nlocals) return v < nlocals; - return i < v && v < nlocals; + return TRUE; } static void @@ -126,8 +126,6 @@ patch_irep(mrb_state *mrb, mrb_irep *irep, int bnest) } } -void mrb_codedump_all(mrb_state *mrb, struct RProc *proc); - static struct RProc* create_proc_from_string(mrb_state *mrb, char *s, int len, mrb_value binding, char *file, mrb_int line) { |