authorGavin Howard <gavin@yzena.com>2021-07-25 08:36:23 -0600
committerGavin Howard <gavin@yzena.com>2021-07-25 08:37:45 -0600
commitf46644247f95ba520e4e8938730fa35e534668ba (patch)
tree820638a92d7d8bb6a919a27879df0cac3b259596 /src
parent66f0d07f311bffd94c2fb71c5560be8b0efa41de (diff)
Fix a crash found by AFL++
This crash was caused by a value needing to be used after an assignment to a string, which never needed a value used again before because only dc did it. So this commit changes it so another string is pushed, if necessary. This commit also adds a test for it. It's not an error test; it's just a normal test added to bc's strings test. Signed-off-by: Gavin Howard <gavin@yzena.com>
Diffstat (limited to 'src')
-rw-r--r--src/program.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/program.c b/src/program.c
index 351d171f..afc48240 100644
--- a/src/program.c
+++ b/src/program.c
@@ -1300,6 +1300,17 @@ static void bc_program_assign(BcProgram *p, uchar inst) {
bc_program_assignStr(p, loc, v, false);
}
+#if BC_ENABLED
+
+ // If this is true, the value is going to be used again, so we want to
+ // push a temporary with the string.
+ if (inst == BC_INST_ASSIGN) {
+ res.t = BC_RESULT_STR;
+ res.d.loc = loc;
+ bc_vec_push(&p->results, &res);
+ }
+#endif // BC_ENABLED
+
// By using bc_program_assignStr(), we short-circuited this, so return.
return;
}
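Review bot: The added push in the string-assignment branch sets only `res.t` and `res.d.loc` on a `res` that is declared outside the hunk, so the visible lines cannot confirm that the pushed entry is fully initialised, nor what `bc_program_assignStr(p, loc, v, false)` has already done to `p->results` by this point. Both are worth confirming, since this path was reached by fuzzer input and the fix relies on the stack depth being exactly right for the next instruction. The comment's "If this is true" would be clearer if it named the condition and the invariant, for example `// BC_INST_ASSIGN leaves the assigned value on the results stack for the next instruction, so push a BC_RESULT_STR that refers to loc.` The commit message mentions a new case in bc's strings test, which is outside this `src`-limited view; a case that uses the result of a string assignment in a further expression would pin this behaviour. `bc_program_assign` begins before the hunk.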