From 44a5809224e819bf8bcca4ae9a8c5ea5bf4cefd7 Mon Sep 17 00:00:00 2001 From: Jose Narvaez Date: Fri, 13 Jun 2014 10:09:28 +0100 Subject: Fixed possible division by zero in 'codegen.c' reported by 'clang-analyzer' --- src/codegen.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) (limited to 'src/codegen.c') diff --git a/src/codegen.c b/src/codegen.c index c7b8e2d74..e2a43e5fc 100644 --- a/src/codegen.c +++ b/src/codegen.c @@ -1106,21 +1106,23 @@ readint_mrb_int(codegen_scope *s, const char *p, int base, mrb_bool neg, mrb_boo codegen_error(s, "malformed readint input"); } - if (neg) { - if ((MRB_INT_MIN + n)/base > result) { - *overflow = TRUE; - return 0; + if(base > 0) { + if (neg) { + if ((MRB_INT_MIN + n)/base > result) { + *overflow = TRUE; + return 0; + } + result *= base; + result -= n; } - result *= base; - result -= n; - } - else { - if ((MRB_INT_MAX - n)/base < result) { - *overflow = TRUE; - return 0; + else { + if ((MRB_INT_MAX - n)/base < result) { + *overflow = TRUE; + return 0; + } + result *= base; + result += n; } - result *= base; - result += n; } p++; } -- cgit v1.2.3 From 29f14e728d319d9fc80702ba78959c1957944767 Mon Sep 17 00:00:00 2001 From: Jose Narvaez Date: Fri, 13 Jun 2014 10:50:15 +0100 Subject: Fixed dereference to null pointer in 'codegen.c' reported by 'clang-analyzer' --- src/codegen.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/codegen.c') diff --git a/src/codegen.c b/src/codegen.c index e2a43e5fc..3578c2794 100644 --- a/src/codegen.c +++ b/src/codegen.c @@ -446,8 +446,10 @@ new_lit(codegen_scope *s, mrb_value val) s->irep->pool = (mrb_value *)codegen_realloc(s, s->irep->pool, sizeof(mrb_value)*s->pcapa); } - pv = &s->irep->pool[s->irep->plen]; - i = s->irep->plen++; + if (&s->irep->pool[s->irep->plen] != NULL) { + pv = &s->irep->pool[s->irep->plen]; + i = s->irep->plen++; + } switch (mrb_type(val)) { case MRB_TT_STRING: -- cgit v1.2.3 
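Review bot: With the new `if(base > 0)` wrapper, a non-positive `base` no longer divides by zero, but the accumulation is skipped while `p++` still runs. The remaining digits are consumed, `result` keeps its earlier value and `*overflow` is never set, so the caller presumably receives a silently wrong integer instead of an error. The condition is loop-invariant, so it is better checked once before the loop and reported, e.g. `if (base <= 0) codegen_error(s, "invalid readint base");`, which also leaves the overflow checks at their original indentation. The loop header and the function's return are outside this hunk, so the exact placement needs confirming against the full function.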
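Review bot: The added test `&s->irep->pool[s->irep->plen] != NULL` in `new_lit` does not guard the dereference named in the subject. It compares the address of an array element, which can only be null when `pool` is null and `plen` is zero, and it never checks `s->irep`. When the condition is false, `pv` and `i` are left unassigned before the `switch (mrb_type(val))` that follows, so the failure becomes a use of indeterminate values (assuming neither is initialised at its declaration, which is outside the hunk). If the analyzer's path is a failed allocation, the check belongs directly after the `codegen_realloc` call, e.g. `if (s->irep->pool == NULL) codegen_error(s, "literal pool allocation failed");`. Whether `codegen_realloc` can return NULL is not visible here.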
From e344d662f11694d58ad5dc59a848721573419148 Mon Sep 17 00:00:00 2001 From: Jose Narvaez Date: Fri, 13 Jun 2014 10:50:26 +0100 Subject: Fixed dereference to null pointer in 'codegen.c' reported by 'clang-analyzer' --- src/codegen.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/codegen.c') diff --git a/src/codegen.c b/src/codegen.c index 3578c2794..2204ac4ed 100644 --- a/src/codegen.c +++ b/src/codegen.c @@ -477,7 +477,9 @@ new_msym(codegen_scope *s, mrb_sym sym) { size_t i, len; + if (s->irep == NULL) return 0; len = s->irep->slen; + if (len > 256) len = 256; for (i=0; iirep->syms[i] == sym) return i; -- cgit v1.2.3 From 13abc9c4a142bccd9610b2fbf12098c6e25caeeb Mon Sep 17 00:00:00 2001 From: Jose Narvaez Date: Fri, 13 Jun 2014 10:54:18 +0100 Subject: Revert "Fixed dereference to null pointer in 'codegen.c' reported by 'clang-analyzer'" This reverts commit 29f14e728d319d9fc80702ba78959c1957944767. --- src/codegen.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'src/codegen.c') diff --git a/src/codegen.c b/src/codegen.c index 2204ac4ed..814a74f6e 100644 --- a/src/codegen.c +++ b/src/codegen.c @@ -446,10 +446,8 @@ new_lit(codegen_scope *s, mrb_value val) s->irep->pool = (mrb_value *)codegen_realloc(s, s->irep->pool, sizeof(mrb_value)*s->pcapa); } - if (&s->irep->pool[s->irep->plen] != NULL) { - pv = &s->irep->pool[s->irep->plen]; - i = s->irep->plen++; - } + pv = &s->irep->pool[s->irep->plen]; + i = s->irep->plen++; switch (mrb_type(val)) { case MRB_TT_STRING: -- cgit v1.2.3 From 45b8562d8ddd2e92ceef4857ccaf6ac6050e116e Mon Sep 17 00:00:00 2001 From: Jose Narvaez Date: Fri, 13 Jun 2014 16:44:22 +0100 Subject: Using 'mrb_assert' instead of an returning 0 while checking s->irep in codegen.c. --- src/codegen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/codegen.c') diff --git a/src/codegen.c b/src/codegen.c index 814a74f6e..03c752826 100644 --- a/src/codegen.c +++ b/src/codegen.c 
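Review bot: The line `if (len > 256) len = 256;` in `new_msym` is unrelated to the null-pointer fix named in the subject and has no explanation, yet it changes how many entries of `s->irep->syms` the lookup loop will compare. A reader cannot tell whether 256 is an encoding limit or an arbitrary bound. A named constant, or a comment such as `/* search is limited to the first 256 symbols; TODO: state the reason for this bound */`, would record the intent. The rest of the function lies outside the hunk, so what happens to a symbol stored past the clamp is not visible here and should be checked.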
@@ -475,9 +475,9 @@ new_msym(codegen_scope *s, mrb_sym sym) { size_t i, len; - if (s->irep == NULL) return 0; - len = s->irep->slen; + mrb_assert(s->irep); + len = s->irep->slen; if (len > 256) len = 256; for (i=0; iirep->syms[i] == sym) return i; -- cgit v1.2.3
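Review bot: `mrb_assert(s->irep)` protects the `s->irep->slen` read on the next line only in builds where the assertion is compiled in. If `mrb_assert` expands to nothing in release builds (its definition is not on this page), the null dereference reported by clang-analyzer is still reachable there. If a NULL `irep` is impossible by construction, a comment above the assert should state the invariant that guarantees it. If it can arise from malformed input, a runtime check that reports through `codegen_error` is needed rather than an assertion.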