harec

[hare] Hare compiler, written in C11 for POSIX OSs

commit 6a23ad4504330166d04ca6b97e2e9df3b04b5ed7
parent 8befc456247c9203a36234add1f6016e6ffc260c
Author: Lassi Pulkkinen <lassi@pulk.fi>
Date:   Thu, 29 Dec 2022 07:54:56 +0200

Fix memcpy past end of source array in alloc(init, cap)

I can't think of a way to test for this that would fit in the test
suite, but the following gets caught by Valgrind memcheck when using
libc malloc:

const x = alloc([1, 2, 3]...);
alloc(x, 10);

Signed-off-by: Lassi Pulkkinen <lassi@pulk.fi>

Diffstat:
M src/gen.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/gen.c b/src/gen.c @@ -447,9 +447,11 @@ gen_alloc_slice_at(struct gen_context *ctx, }; gen_expr_at(ctx, expr->alloc.init, storage); } else { + struct qbe_value copysize = mkqtmp(ctx, ctx->arch.ptr, ".%d"); + pushi(ctx->current, &copysize, Q_MUL, &length, &isize, NULL); struct qbe_value rtmemcpy = mkrtfunc(ctx, "rt.memcpy"); pushi(ctx->current, NULL, Q_CALL, &rtmemcpy, - &data, &initdata, &size, NULL); + &data, &initdata, &copysize, NULL); } if (!expand) {
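Review bot: The new `copysize` (length * isize) is passed to rt.memcpy while the allocation is still sized by `size`, and nothing in this hunk shows that `length` is bounded by the requested capacity; if the `cap < len(init)` case is not rejected before this point, the copy can now overrun the destination instead of the source, so either reference where that check lives or add it ahead of the memcpy. A one-line comment above the `Q_MUL` stating that `copysize` covers only the initializer while `size` covers the full capacity would also make the distinction between the two values clear to the next reader, since both are live in this function.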