From 3ccd61629b641613bcccbc51125330efab9c89a7 Mon Sep 17 00:00:00 2001
From: Russ Cox
Date: Thu, 14 Jan 2021 10:05:50 -0500
Subject: sam: avoid out-of-bounds read in rterm

Usually r->nused < r->nalloc and the read is in bounds. But it could in theory be right on the line and reading past the end of the allocation. Make it safe but preserve as much of the old semantics as possible. This use of rterm appears to be only for optimization purposes so the result does not matter for correctness.
---
 src/cmd/sam/rasp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/cmd')
diff --git a/src/cmd/sam/rasp.c b/src/cmd/sam/rasp.c
index c96101df..55d16cfb 100644
--- a/src/cmd/sam/rasp.c
+++ b/src/cmd/sam/rasp.c
@@ -283,8 +283,8 @@ rterm(List *r, Posn p1)
 for(p = 0,i = 0; inused && p+L(i)<=p1; p+=L(i++))
 ;
- if(i==r->nused && (i==0 || !T(i-1)))
- return 0;
+ if(i==r->nused)
+ return i > 0 && T(i-1);
 return T(i);
 }
--
cgit v1.2.3
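Review bot: The new end-of-list branch `return i > 0 && T(i-1);` yields a normalized 0/1, while the fall-through `return T(i);` returns whatever T expands to, so the two exits of rterm can return different non-zero values if T is a mask-style macro (its definition is outside this hunk). Callers should be checked to use the result only as a truth value, or the last line made `return T(i) != 0;`. The bounds guarantee also deserves a comment on the branch, for example `/* i==r->nused: T(i) would index past the used entries; answer from the last entry instead */`, since the commit message notes the old read could land past the allocation when r->nused reaches r->nalloc. The message's claim that the result only matters for optimization is not visible in the code, so a short note above rterm recording that assumption would help; rterm's body begins before the hunk.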