vm: fix unaligned pointer cases and a buffer overrun
LBCrion committed Dec 10, 2024
1 parent 531a42b commit dcefa33
Showing 2 changed files with 11 additions and 8 deletions.
8 changes: 4 additions & 4 deletions src/vm/parser.c
Expand Up @@ -26,20 +26,20 @@ static void parser_emit_string ( GByteArray *code, gchar *str )
static void parser_emit_numeric ( GByteArray *code, gdouble numeric )
{
guchar data[sizeof(value_t)+1];
value_t *value = (value_t *)(data+1);
value_t value;

data[0] = EXPR_OP_IMMEDIATE;
*value = value_new_numeric(numeric);
value = value_new_numeric(numeric);
memcpy(data+1, &value, sizeof(value_t));
g_byte_array_append(code, data, sizeof(value_t)+1);
}

static void parser_emit_na ( GByteArray *code )
{
guchar data[sizeof(value_t)+1];
value_t *value = (value_t *)(data+1);

data[0] = EXPR_OP_IMMEDIATE;
*value = value_na;
memcpy(data+1, &value_na, sizeof(value_t));
g_byte_array_append(code, data, sizeof(value_t)+1);
}

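Review bot: In parser_emit_numeric the new `value_t value;` is declared and only assigned two statements later, while the neighbouring `guchar data[...]` and the old code initialised at declaration; `value_t value = value_new_numeric(numeric);` keeps that style and removes the window where `value` is uninitialised. The literal `sizeof(value_t)+1` is repeated in the array size and in both `g_byte_array_append` calls; passing `sizeof data` to the append keeps the one-byte opcode prefix stated once, in the declaration. Note also that the memcpy now serialises whatever bytes `value` holds, so if `value_t` contains padding between its tag and its payload (vm.c accesses `v1.type` and `v1.value.string`, which suggests a tag plus union) those indeterminate bytes land in the code stream; that is harmless for execution here but worth a comment such as `/* copies the whole struct, padding included; the stream is not compared byte-wise */` if the bytecode is ever hashed or persisted.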
11 changes: 7 additions & 4 deletions src/vm/vm.c
Expand Up @@ -212,14 +212,17 @@ static void vm_immediate ( vm_t *vm )
{
value_t v1;

memcpy(&v1, vm->ip+1, sizeof(value_t));
if(value_is_string(v1))
if(*(vm->ip+1) != EXPR_TYPE_STRING)
{
memcpy(&v1, vm->ip+1, sizeof(value_t));
vm->ip+=sizeof(value_t);
}
else
{
v1.type = EXPR_TYPE_STRING;
v1.value.string = g_strdup((gchar *)vm->ip+2);
vm->ip += strlen(value_get_string(v1))+2;
}
else
vm->ip+=sizeof(value_t);
vm_push(vm, v1);
}

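Review bot: The new dispatch `if(*(vm->ip+1) != EXPR_TYPE_STRING)` peeks a single byte where the numeric branch then memcpy's a whole `value_t`, so it silently assumes the type tag is the first member of `value_t` and, if that member is wider than one byte, that its low byte is stored first; that holds on little-endian targets for a small enum but is not guaranteed. Pinning it with `_Static_assert(offsetof(value_t, type) == 0, "type tag must lead value_t");` next to the struct definition (or at least a comment on this line saying the tag is read raw because a full-width load would over-read a string immediate) would make the invariant visible. The string branch still derives its advance from `strlen(value_get_string(v1))+2`, i.e. from a NUL it expects inside the code buffer; that is fine while only this project's parser emits bytecode, but if code can ever be loaded from a file or another source the walk should be bounded by the buffer end rather than by the terminator. Also `strlen` re-walks the bytes `g_strdup` just copied; computing the length once from `vm->ip+2` and using it for both would avoid the double pass.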
