ref: 89182b0cf8f7adf2f8a4708d750452d9a226aeea
parent: fd84fa03901b4b8a72a54552f302755d6c84aeba
author: Ori Bernstein <[email protected]>
date: Sat Jan 23 20:55:39 EST 2016
Fix crash with lengthless arrays. It's not just pointers that have no upper bound.
--- a/6/simp.c
+++ b/6/simp.c
@@ -948,7 +948,7 @@
{
Node *t;
Node *start, *end;
- Node *seq, *base, *sz, *len;
+ Node *seq, *base, *sz, *len, *max;
Node *stbase, *stlen;
if (dst)
@@ -965,11 +965,13 @@
len = sub(end, start);
/* we can be storing through a pointer, in the case
* of '*foo = bar'. */
+ max = seqlen(s, seq, tyword);
+ if (max)
+ checkidx(s, Ole, max, end);
if (tybase(exprtype(t))->type == Typtr) {
stbase = set(simpcast(s, t, mktyptr(t->loc, tyintptr)), base);
sz = addk(simpcast(s, t, mktyptr(t->loc, tyintptr)), Ptrsz);
} else {
- checkidx(s, Ole, seqlen(s, seq, tyword), end);
stbase = set(deref(addr(s, t, tyintptr), NULL), base);
sz = addk(addr(s, t, tyintptr), Ptrsz);
}
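Review bot: The new `if (max)` guard emits no bounds check at all when `seqlen` yields no length, and nothing in the code records why. The existing `*foo = bar` comment now sits above the check instead of the `Typtr` branch it describes, so I would move it back down to the `if (tybase(exprtype(t))->type == Typtr)` line and put `/* pointers and lengthless arrays have no known length, so the upper bound cannot be checked */` above `max = seqlen(s, seq, tyword);`. Separately, the visible lines compare only `end` against `max`. If nothing outside the hunk verifies `start <= end`, `len = sub(end, start)` could wrap and produce an oversized slice, so something like `checkidx(s, Ole, end, start);` beside it may be worth adding. The function body starts and ends outside this hunk, so that last point needs confirming against the rest of the function.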