ref: c9a1045d499a2ef5330ee056abb94254a1052d0b
parent: e55778d67e8fb4ac0756420b3e52abb1ac02b9f8
author: cinap_lenrek <[email protected]>
date: Fri May 24 10:17:18 EDT 2019
gs: fix missing type check in ztype (thanks jsmoody) to reproduce: gs <<. null [[][][][][][][][][][][][][][][]] .type .
--- a/sys/src/cmd/gs/src/ztype.c
+++ b/sys/src/cmd/gs/src/ztype.c
@@ -77,14 +77,15 @@
/* Must be either a stack underflow or a t_[a]struct. */
check_op(2);
{ /* Get the type name from the structure. */- const char *sname =
- gs_struct_type_name_string(gs_object_type(imemory,
- op[-1].value.pstruct));
- int code = name_ref(imemory, (const byte *)sname, strlen(sname),
- (ref *) (op - 1), 0);
-
- if (code < 0)
- return code;
+ if ((r_has_type(&op[-1], t_struct) || r_has_type(&op[-1], t_astruct))
+ && op[-1].value.pstruct != 0x00) {+ const char *sname =
+ gs_struct_type_name_string(gs_object_type(imemory, op[-1].value.pstruct));
+ code = name_ref(imemory, (const byte *)sname, strlen(sname), (ref *) (op - 1), 0);
+ if (code < 0)
+ return code;
+ } else
+ return_error(e_stackunderflow);
}
r_set_attrs(op - 1, a_executable);
} else {@@ -350,6 +351,8 @@
pop(2);
return 0;
}
+ case t__invalid:
+ return_error(e_stackunderflow);
default:
return_op_typecheck(op - 2);
}
@@ -371,6 +374,8 @@
return_error(e_rangecheck);
ival = (ulong) (long)fval;
} break;
+ case t__invalid:
+ return_error(e_stackunderflow);
default:
return_op_typecheck(op - 2);
}