shithub: mc

Download patch

ref: 89182b0cf8f7adf2f8a4708d750452d9a226aeea
parent: fd84fa03901b4b8a72a54552f302755d6c84aeba
author: Ori Bernstein <[email protected]>
date: Sat Jan 23 20:55:39 EST 2016

Fix crash with lengthless arrays.

    It's not just pointers that have no upper bound.

--- a/6/simp.c
+++ b/6/simp.c
@@ -948,7 +948,7 @@
 {
 	Node *t;
 	Node *start, *end;
-	Node *seq, *base, *sz, *len;
+	Node *seq, *base, *sz, *len, *max;
 	Node *stbase, *stlen;
 
 	if (dst)
@@ -965,11 +965,13 @@
 	len = sub(end, start);
 	/* we can be storing through a pointer, in the case
 	 * of '*foo = bar'. */
+	max = seqlen(s, seq, tyword);
+	if (max)
+		checkidx(s, Ole, max, end);
 	if (tybase(exprtype(t))->type == Typtr) {
 		stbase = set(simpcast(s, t, mktyptr(t->loc, tyintptr)), base);
 		sz = addk(simpcast(s, t, mktyptr(t->loc, tyintptr)), Ptrsz);
 	} else {
-		checkidx(s, Ole, seqlen(s, seq, tyword), end);
 		stbase = set(deref(addr(s, t, tyintptr), NULL), base);
 		sz = addk(addr(s, t, tyintptr), Ptrsz);
 	}