Commit 3d5fc37b authored by Richard M. Stallman's avatar Richard M. Stallman
Browse files

(Fbyte_code): Add error check for jumping out of range.

parent 0e5f305e
...@@ -258,6 +258,10 @@ Lisp_Object Qbytecode; ...@@ -258,6 +258,10 @@ Lisp_Object Qbytecode;
if (consing_since_gc > gc_cons_threshold) \ if (consing_since_gc > gc_cons_threshold) \
Fgarbage_collect (); Fgarbage_collect ();
/* Check for jumping out of range. */
#define CHECK_RANGE(ARG) \
if (ARG >= bytestr_length) abort ()
DEFUN ("byte-code", Fbyte_code, Sbyte_code, 3, 3, 0, DEFUN ("byte-code", Fbyte_code, Sbyte_code, 3, 3, 0,
"Function used internally in byte-compiled code.\n\ "Function used internally in byte-compiled code.\n\
The first argument, BYTESTR, is a string of byte code;\n\ The first argument, BYTESTR, is a string of byte code;\n\
...@@ -288,6 +292,7 @@ If the third argument is incorrect, Emacs may crash.") ...@@ -288,6 +292,7 @@ If the third argument is incorrect, Emacs may crash.")
/* Cached address of beginning of string, /* Cached address of beginning of string,
valid if BYTESTR equals STRING_SAVED. */ valid if BYTESTR equals STRING_SAVED. */
register unsigned char *strbeg; register unsigned char *strbeg;
int bytestr_length = XSTRING (bytestr)->size;
CHECK_STRING (bytestr, 0); CHECK_STRING (bytestr, 0);
if (!VECTORP (vector)) if (!VECTORP (vector))
...@@ -441,6 +446,7 @@ If the third argument is incorrect, Emacs may crash.") ...@@ -441,6 +446,7 @@ If the third argument is incorrect, Emacs may crash.")
MAYBE_GC (); MAYBE_GC ();
QUIT; QUIT;
op = FETCH2; /* pc = FETCH2 loses since FETCH2 contains pc++ */ op = FETCH2; /* pc = FETCH2 loses since FETCH2 contains pc++ */
CHECK_RANGE (op);
pc = XSTRING (string_saved)->data + op; pc = XSTRING (string_saved)->data + op;
break; break;
...@@ -450,6 +456,7 @@ If the third argument is incorrect, Emacs may crash.") ...@@ -450,6 +456,7 @@ If the third argument is incorrect, Emacs may crash.")
if (NILP (POP)) if (NILP (POP))
{ {
QUIT; QUIT;
CHECK_RANGE (op);
pc = XSTRING (string_saved)->data + op; pc = XSTRING (string_saved)->data + op;
} }
break; break;
...@@ -460,6 +467,7 @@ If the third argument is incorrect, Emacs may crash.") ...@@ -460,6 +467,7 @@ If the third argument is incorrect, Emacs may crash.")
if (!NILP (POP)) if (!NILP (POP))
{ {
QUIT; QUIT;
CHECK_RANGE (op);
pc = XSTRING (string_saved)->data + op; pc = XSTRING (string_saved)->data + op;
} }
break; break;
...@@ -470,6 +478,7 @@ If the third argument is incorrect, Emacs may crash.") ...@@ -470,6 +478,7 @@ If the third argument is incorrect, Emacs may crash.")
if (NILP (TOP)) if (NILP (TOP))
{ {
QUIT; QUIT;
CHECK_RANGE (op);
pc = XSTRING (string_saved)->data + op; pc = XSTRING (string_saved)->data + op;
} }
else DISCARD (1); else DISCARD (1);
...@@ -481,6 +490,7 @@ If the third argument is incorrect, Emacs may crash.") ...@@ -481,6 +490,7 @@ If the third argument is incorrect, Emacs may crash.")
if (!NILP (TOP)) if (!NILP (TOP))
{ {
QUIT; QUIT;
CHECK_RANGE (op);
pc = XSTRING (string_saved)->data + op; pc = XSTRING (string_saved)->data + op;
} }
else DISCARD (1); else DISCARD (1);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment