From d2b548de6088ec28ceb3c2d10c11f78035c0038d Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Tue, 22 Sep 2020 10:53:52 +0900
Subject: Remove the length of `Float' pool from the binary dump.

Also fixed the size calculation of `irep` dump, that could cause memory corruption.
---
 src/dump.c | 4 +---
 src/load.c | 9 +++------
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/dump.c b/src/dump.c
index a75b0a88e..0c5ded2e2 100644
--- a/src/dump.c
+++ b/src/dump.c
@@ -191,10 +191,8 @@ write_pool_block(mrb_state *mrb, const mrb_irep *irep, uint8_t *buf)
 cur += uint8_to_bin(IREP_TT_FLOAT, cur); /* data type */
 #ifndef MRB_NO_FLOAT
 {
- len = sizeof(double);
- cur += uint16_to_bin((uint16_t)len, cur); /* data length */
 dump_float(mrb, cur,irep->pool[pool_no].u.f);
- cur += len;
+ cur += sizeof(double);
 }
 #else
 cur += uint16_to_bin(0, cur); /* zero length */
diff --git a/src/load.c b/src/load.c
index 0e6ae44a6..c1a8c4c87 100644
--- a/src/load.c
+++ b/src/load.c
@@ -35,7 +35,7 @@ offset_crc_body(void)
 
 #ifndef MRB_NO_FLOAT
 static double
-str_to_double(mrb_state *mrb, const char *p, size_t len)
+str_to_double(mrb_state *mrb, const char *p)
 {
 /* dump IEEE754 little endian binary */
 union {
@@ -43,7 +43,6 @@ str_to_double(mrb_state *mrb, const char *p, size_t len)
 double f;
 } u;
 
- mrb_assert(sizeof(double)==len);
 if (littleendian) {
 memcpy(u.s, p, sizeof(double));
 }
@@ -169,10 +168,8 @@ read_irep_record_1(mrb_state *mrb, const uint8_t *bin, size_t *len, uint8_t flag
 case IREP_TT_FLOAT:
 #ifndef MRB_NO_FLOAT
 pool[i].tt = tt;
- pool_data_len = bin_to_uint16(src); /* pool data length */
- src += sizeof(uint16_t);
- pool[i].u.f = str_to_double(mrb, (const char*)src, pool_data_len);
- src += pool_data_len;
+ pool[i].u.f = str_to_double(mrb, (const char*)src);
+ src += sizeof(double);
 break;
 #else
 return NULL; /* MRB_NO_FLOAT */
-- 
cgit v1.2.3
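Review bot: The `#else` branch of the same block in write_pool_block still writes a 2-byte length (`cur += uint16_to_bin(0, cur); /* zero length */`) after the type byte, while the float build now writes the 8-byte double directly after it, so the two build configurations no longer agree on the byte layout of an IREP_TT_FLOAT pool entry; the loader side in the read_irep_record_1 hunk of src/load.c likewise expects no length field. If a float pool entry cannot be produced in an MRB_NO_FLOAT build this branch is dead, but it should then be removed or made to match rather than left emitting bytes the float-build loader will misread. Since the on-disk layout of the entry changed, the RITE binary format version should be bumped in the same change unless that already happened elsewhere; it is not visible in this diff. The `len` local that the removed lines assigned may now be unused in write_pool_block if nothing outside the hunk reads it, which is worth checking for an unused-but-set warning. write_pool_block's body starts and ends outside the hunk.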
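Review bot: The new `src += sizeof(double)` in read_irep_record_1 still advances through the record without a visible check that at least sizeof(double) bytes remain in the input, and str_to_double's memcpy reads those 8 bytes unconditionally, so a truncated binary would read past the end of the buffer unless an earlier check outside the hunk bounds the pool section. The change is nevertheless a real hardening: the previous code advanced `src` by an input-supplied 16-bit `pool_data_len`, and the only check on it was an mrb_assert that is compiled out in release builds. I'd guard the read with a remaining-length test of the form `if (remaining < sizeof(double)) return NULL;` before the str_to_double call, where `remaining` is a placeholder for however the function tracks the unread size (the `len` parameter is a pointer in this signature, so it may be an output rather than the input size — confirm against the caller). read_irep_record_1 starts and ends outside the hunk.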