master dcd9674 3/3: Fix crash with invalid bytecode vectors

emacs-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

master dcd9674 3/3: Fix crash with invalid bytecode vectors

From:	Paul Eggert
Subject:	master dcd9674 3/3: Fix crash with invalid bytecode vectors
Date:	Wed, 27 May 2020 12:51:20 -0400 (EDT)

branch: master
commit dcd96745b0c505da5343549410fdab070ca72ff5
Author: Paul Eggert <address@hidden>
Commit: Paul Eggert <address@hidden>

    Fix crash with invalid bytecode vectors
    
    * src/lread.c (read_vector): If the vector is to short to be for
    bytecodes don’t do bytecode processing for it, as the processing
    might run past the end of the vector.
---
 src/lread.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/lread.c b/src/lread.c
index 53b4e1b..29dedda 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -3844,6 +3844,10 @@ read_vector (Lisp_Object readcharfun, bool bytecodeflag)
   ptrdiff_t size = list_length (tem);
   Lisp_Object vector = make_nil_vector (size);
 
+  /* Avoid accessing past the end of a vector if the vector is too
+     small to be valid for bytecode.  */
+  bytecodeflag &= COMPILED_STACK_DEPTH < size;
+
   Lisp_Object *ptr = XVECTOR (vector)->contents;
   for (ptrdiff_t i = 0; i < size; i++)
     {

[Prev in Thread]

Current Thread

[Next in Thread]

master updated (c5cf630 -> dcd9674), Paul Eggert, 2020/05/27
- master dcd9674 3/3: Fix crash with invalid bytecode vectors, Paul Eggert <=
- master 2244656 1/3: Omit unnecessary USE_LAB_TAG #if, Paul Eggert, 2020/05/27
- master 9d11f12 2/3: --with-wide-int is a no-op on 64-bit hosts, Paul Eggert, 2020/05/27

Prev by Date: feature/project-switching b7dffcb: Simplify the previous commit
Next by Date: master updated (c5cf630 -> dcd9674)
Previous by thread: master updated (c5cf630 -> dcd9674)
Next by thread: master 2244656 1/3: Omit unnecessary USE_LAB_TAG #if
Index(es):
- Date
- Thread