From 2cdcc16bc236e7277342077c1f6aab2fc3e93cda Mon Sep 17 00:00:00 2001
From: David Given
Date: Mon, 16 Jan 2017 22:44:37 +0100
Subject: [PATCH] Fix a buffer overrun that was manifesting on OpenBSD; also fix a bounds check and some uninitialised variable problems.
---
 mach/proto/ncg/codegen.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/mach/proto/ncg/codegen.c b/mach/proto/ncg/codegen.c
index 8c7958cf2..95a3c012d 100644
--- a/mach/proto/ncg/codegen.c
+++ b/mach/proto/ncg/codegen.c
@@ -66,8 +66,7 @@ short* set_val;
 char* set_flag;
 #endif
 
-unsigned codegen(codep, ply, toplevel, costlimit, forced) byte* codep;
-unsigned costlimit;
+unsigned codegen(byte* codep, int ply, int toplevel, unsigned costlimit, int forced)
 {
 #ifndef NDEBUG
 byte* origcp = codep;
@@ -75,7 +74,7 @@ unsigned costlimit;
 #endif
 unsigned totalcost = 0;
 int inscoerc = 0;
- int procarg[MAXPROCARG + 1];
+ int procarg[MAXPROCARG + 1] = {};
 #ifdef ALLOW_NEXTEM
 static int paniced;
 char* savebp = 0;
@@ -328,7 +327,6 @@ unsigned costlimit;
 tokpatlen = (codep[-1] >> 5) & 07;
 for (i = 0; i < tokpatlen; i++)
 getint(tokexp[i], codep);
- tokexp[i] = 0;
 tp = &fakestack[stackheight - 1];
 i = 0;
 while (i < tokpatlen && tp >= fakestack)
@@ -860,7 +858,7 @@ unsigned costlimit;
 swtxt();
 if (stringno > 10000)
 {
- assert(stringno < 100001 + MAXPROCARG);
+ assert(stringno < 10001 + MAXPROCARG);
 genstr(procarg[stringno - 10001]);
 }
 else
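Review bot: The first hunk turns the definition of codegen into prototype form, but the patch adds no matching declaration for callers. If other translation units still declare it K&R-style as `unsigned codegen();` (not visible here), the compiler cannot check argument count or types at the call sites. Adding `unsigned codegen(byte* codep, int ply, int toplevel, unsigned costlimit, int forced);` to whichever header the callers share would make the new signature enforceable. The function body continues beyond this hunk.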
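Review bot: `int procarg[MAXPROCARG + 1] = {};` in the second hunk uses an empty initializer list, which is only a compiler extension before C23 and is rejected by strict C89/C99/C11 compilers. `int procarg[MAXPROCARG + 1] = { 0 };` zero-fills the whole array and is accepted everywhere. As the commit is motivated by a platform-specific failure, the portable spelling is the safer choice. The declaration sits inside codegen, which starts above and continues past this hunk.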
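Review bot: In the third hunk nothing checks tokpatlen against the capacity of tokexp before `for (i = 0; i < tokpatlen; i++) getint(tokexp[i], codep);`, and the value comes from `(codep[-1] >> 5) & 07`, so it can be as large as 7. Removing `tokexp[i] = 0;` stops the write one element past the last token, but the loop still relies on the table never encoding more tokens than the array holds. The declaration of tokexp is outside the hunk; if it is a true array in scope, `assert(tokpatlen <= (int)(sizeof tokexp / sizeof tokexp[0]));` before the loop would state and check that assumption. It is also worth confirming that no later reader of tokexp depended on the zero terminator that is now gone.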
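Review bot: The bound on `procarg[stringno - 10001]` in the last hunk is enforced only by `assert`, and this file compiles its debug code under `#ifndef NDEBUG`, so a build with NDEBUG defined indexes procarg with an unchecked table-derived value. The corrected limit does match the array: the index stays below MAXPROCARG, inside the MAXPROCARG + 1 entries. A check that survives NDEBUG, for example `if (stringno >= 10001 + MAXPROCARG) abort();` or the code generator's own fatal-error routine if it has one, would keep the guard in release builds. Giving the 10000/10001 offset a named constant would also make a typo like the old `100001` harder to repeat.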