authorGavin Howard <gavin@yzena.com>2021-07-25 14:30:58 -0600
committerGavin Howard <gavin@yzena.com>2021-07-25 14:30:58 -0600
commitb9d3383a6cf0a6c055159596d0ef7802cce5bb04 (patch)
treef6b99e4100253dac25ae53ae001d701ac36eb730 /src
parentaf0d1c8025d257e7064f501d12298596936ab419 (diff)
Fix a crash found by AFL++
This crash was caused by trying to do math with an assignment operator on a variable that had a string stored inside. Easy fix. Signed-off-by: Gavin Howard <gavin@yzena.com>
Diffstat (limited to 'src')
-rw-r--r--src/program.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/program.c b/src/program.c
index 9892912f..cb558ee0 100644
--- a/src/program.c
+++ b/src/program.c
@@ -1289,6 +1289,9 @@ static void bc_program_assign(BcProgram *p, uchar inst) {
// If we have a normal assignment operator, not a math one...
if (BC_INST_IS_ASSIGN(inst)) {
+ // Assigning to a variable that has a string here is fine because there
+ // is no math done on it.
+
// BC_RESULT_TEMP, BC_RESULT_IBASE, BC_RESULT_OBASE, BC_RESULT_SCALE,
// and BC_RESULT_SEED all have temporary copies. Because that's the
// case, we can free the left and just move the value over. We set the
@@ -1315,6 +1318,11 @@ static void bc_program_assign(BcProgram *p, uchar inst) {
// we need to prepare for a binary operator.
BcBigDig scale = BC_PROG_SCALE(p);
+ // At this point, the left side could still be a string because it could
+ // be a variable that has the string. If that's the case, we have a type
+ // error.
+ if (BC_PROG_STR(l)) bc_err(BC_ERR_EXEC_TYPE);
+
// Get the right type of assignment operator, whether val is used or
// NO_VAL for performance.
if (!use_val)
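Review bot: The new guard `if (BC_PROG_STR(l)) bc_err(BC_ERR_EXEC_TYPE);` tests only the left operand, so it is worth confirming that the right-hand operand cannot reach the math path below while holding a string. The added comment explains that a variable can carry a string even when the result type itself is not a string; if the right side can come from such a variable too, the same `BC_PROG_STR` test belongs on it at this point. The earlier part of bc_program_assign, where the operands are prepared, is outside this hunk, so this cannot be settled from the lines shown. The guard also relies on bc_err() not returning, which a short comment on this line would make explicit. Since the crash came from AFL++, keeping the crashing input as an error test would stop this type confusion from regressing; the diffstat is limited to src, so such a test may already exist elsewhere.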