master dcd9674 3/3: Fix crash with invalid bytecode vectors
From: Paul Eggert
Subject: master dcd9674 3/3: Fix crash with invalid bytecode vectors
Date: Wed, 27 May 2020 12:51:20 -0400 (EDT)
branch: master
commit dcd96745b0c505da5343549410fdab070ca72ff5
Author: Paul Eggert <address@hidden>
Commit: Paul Eggert <address@hidden>
Fix crash with invalid bytecode vectors
* src/lread.c (read_vector): If the vector is too short to be for
bytecodes don’t do bytecode processing for it, as the processing
might run past the end of the vector.
---
src/lread.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lread.c b/src/lread.c
index 53b4e1b..29dedda 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -3844,6 +3844,10 @@ read_vector (Lisp_Object readcharfun, bool bytecodeflag)
ptrdiff_t size = list_length (tem);
Lisp_Object vector = make_nil_vector (size);
+ /* Avoid accessing past the end of a vector if the vector is too
+ small to be valid for bytecode. */
+ bytecodeflag &= COMPILED_STACK_DEPTH < size;
+
Lisp_Object *ptr = XVECTOR (vector)->contents;
for (ptrdiff_t i = 0; i < size; i++)
{
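Review bot: The guard `bytecodeflag &= COMPILED_STACK_DEPTH < size;` silently downgrades an undersized bytecode vector to an ordinary vector rather than rejecting it, so malformed input read with bytecodeflag set is accepted with no diagnostic. Consider signaling a read error at that point, or say in the comment that the silent downgrade is deliberate. The bound only guarantees that slots up to COMPILED_STACK_DEPTH exist, so the comment should also state that this is the highest index the bytecode branch of the loop below touches; if that branch reads any later slot, it needs its own check. A regression test that reads a too-short bytecode vector would pin the behaviour down.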