Remove the length of `Float' pool from the binary dump.

Also fixed the size calculation of `irep` dump, that could cause memory
corruption.

2 files changed, 4 insertions, 9 deletions

diff --git a/src/dump.c b/src/dump.c
index a75b0a88e..0c5ded2e2 100644
--- a/src/dump.c
+++ b/src/dump.c
@@ -191,10 +191,8 @@ write_pool_block(mrb_state *mrb, const mrb_irep *irep, uint8_t *buf)
       cur += uint8_to_bin(IREP_TT_FLOAT, cur); /* data type */
 #ifndef MRB_NO_FLOAT
       {
-        len = sizeof(double);
-        cur += uint16_to_bin((uint16_t)len, cur); /* data length */
         dump_float(mrb, cur,irep->pool[pool_no].u.f);
-        cur += len;
+        cur += sizeof(double);
       }
 #else
       cur += uint16_to_bin(0, cur); /* zero length */
diff --git a/src/load.c b/src/load.c
index 0e6ae44a6..c1a8c4c87 100644
--- a/src/load.c
+++ b/src/load.c
@@ -35,7 +35,7 @@ offset_crc_body(void)
 
 #ifndef MRB_NO_FLOAT
 static double
-str_to_double(mrb_state *mrb, const char *p, size_t len)
+str_to_double(mrb_state *mrb, const char *p)
 {
   /* dump IEEE754 little endian binary */
   union {
@@ -43,7 +43,6 @@ str_to_double(mrb_state *mrb, const char *p, size_t len)
     double f;
   } u;
 
-  mrb_assert(sizeof(double)==len);
   if (littleendian) {
     memcpy(u.s, p, sizeof(double));
   }
@@ -169,10 +168,8 @@ read_irep_record_1(mrb_state *mrb, const uint8_t *bin, size_t *len, uint8_t flag
       case IREP_TT_FLOAT:
 #ifndef MRB_NO_FLOAT
         pool[i].tt = tt;
-        pool_data_len = bin_to_uint16(src); /* pool data length */
-        src += sizeof(uint16_t);
-        pool[i].u.f = str_to_double(mrb, (const char*)src, pool_data_len);
-        src += pool_data_len;
+         pool[i].u.f = str_to_double(mrb, (const char*)src);
+        src += sizeof(double);
         break;
 #else
         return NULL;            /* MRB_NO_FLOAT */