Limit size of iseq buffer; fix #3927

author: Yukihiro "Matz" Matsumoto <[email protected]> 2018-01-16 15:17:56 +0900
committer: Yukihiro "Matz" Matsumoto <[email protected]> 2018-01-16 15:17:56 +0900
commit: ec63b1a0e05b49beb5a7c5b2ec4521ca33a9cf7c (patch)
tree: 46257987b25b7796a12c3585dd919e1fa93de823 /mrbgems/mruby-compiler
parent: ca837b1a24ab6a0d771d34ad4efd97c4ab6b2c16 (diff)
download: mruby-ec63b1a0e05b49beb5a7c5b2ec4521ca33a9cf7c.tar.gz
mruby-ec63b1a0e05b49beb5a7c5b2ec4521ca33a9cf7c.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/mrbgems/mruby-compiler/core/codegen.c b/mrbgems/mruby-compiler/core/codegen.c
index c4227ca8e..eb82110b8 100644
--- a/mrbgems/mruby-compiler/core/codegen.c
+++ b/mrbgems/mruby-compiler/core/codegen.c
@@ -149,8 +149,14 @@ new_label(codegen_scope *s)
 static inline int
 genop(codegen_scope *s, mrb_code i)
 {
-  if (s->pc == s->icapa) {
+  if (s->pc >= s->icapa) {
     s->icapa *= 2;
+    if (s->pc >= MAXARG_sBx) {
+      codegen_error(s, "too big code block");
+    }
+    if (s->icapa > MAXARG_sBx) {
+      s->icapa = MAXARG_sBx;
+    }
     s->iseq = (mrb_code *)codegen_realloc(s, s->iseq, sizeof(mrb_code)*s->icapa);
     if (s->lines) {
       s->lines = (uint16_t*)codegen_realloc(s, s->lines, sizeof(short)*s->icapa);
author	Yukihiro "Matz" Matsumoto <[email protected]>	2018-01-16 15:17:56 +0900
committer	Yukihiro "Matz" Matsumoto <[email protected]>	2018-01-16 15:17:56 +0900
commit	ec63b1a0e05b49beb5a7c5b2ec4521ca33a9cf7c (patch)
tree	46257987b25b7796a12c3585dd919e1fa93de823 /mrbgems/mruby-compiler
parent	ca837b1a24ab6a0d771d34ad4efd97c4ab6b2c16 (diff)
download	mruby-ec63b1a0e05b49beb5a7c5b2ec4521ca33a9cf7c.tar.gz mruby-ec63b1a0e05b49beb5a7c5b2ec4521ca33a9cf7c.zip