diff options
| author | Russ Cox <rsc@swtch.com> | 2021-01-14 10:05:50 -0500 |
|---|---|---|
| committer | Russ Cox <rsc@swtch.com> | 2021-01-14 10:05:50 -0500 |
| commit | 3ccd61629b641613bcccbc51125330efab9c89a7 (patch) | |
| tree | 58afc0266e867d2fa8fbeeb4efde3c961dc58840 | |
| parent | 6a80119eb509bd948d87ad1b84b0a82855a3c691 (diff) | |
| download | plan9port-3ccd61629b641613bcccbc51125330efab9c89a7.tar.gz plan9port-3ccd61629b641613bcccbc51125330efab9c89a7.tar.bz2 plan9port-3ccd61629b641613bcccbc51125330efab9c89a7.zip | |
sam: avoid out-of-bounds read in rterm
Usually r->nused < r->nalloc and the read is in bounds.
But it could in theory be right on the line and reading
past the end of the allocation.
Make it safe but preserve as much of the old semantics
as possible. This use of rterm appears to be only for
optimization purposes so the result does not matter
for correctness.
| -rw-r--r-- | src/cmd/sam/rasp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/cmd/sam/rasp.c b/src/cmd/sam/rasp.c index c96101df..55d16cfb 100644 --- a/src/cmd/sam/rasp.c +++ b/src/cmd/sam/rasp.c @@ -283,8 +283,8 @@ rterm(List *r, Posn p1) for(p = 0,i = 0; i<r->nused && p+L(i)<=p1; p+=L(i++)) ; - if(i==r->nused && (i==0 || !T(i-1))) - return 0; + if(i==r->nused) + return i > 0 && T(i-1); return T(i); } |