author | Gavin Howard <gavin@yzena.com> | 2021-07-25 14:02:41 -0600 |
---|---|---|
committer | Gavin Howard <gavin@yzena.com> | 2021-07-25 14:07:32 -0600 |
commit | fb9aa55a471bfabd959fe68974c2c371d7354493 (patch) | |
tree | ca6c613b401d423b6bf07c438dc8116bd6cdd405 /src | |
parent | b1d02e30947e056b82e2bcd307ee44cda1ade238 (diff) | |
Fix a crash in dc found by AFL++
This crash was caused by cleaning constants in other "functions"
(strings). It happened when a string of exactly the same text was used
again, which means it already had a function ready for it.
Unfortunately, since that function had stored constants, it expected
them to be there. They were not, as they had been cleaned.
But they should not have been cleaned; only the constants in main should
have been.
I found the problem: dc was still using the main const slab for all
constants, but it should not have been. This commit changes that.
Signed-off-by: Gavin Howard <gavin@yzena.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/parse.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/src/parse.c b/src/parse.c index bd9e8586..229c2e59 100644 --- a/src/parse.c +++ b/src/parse.c @@ -105,13 +105,9 @@ static void bc_parse_addNum(BcParse *p, const char *string) { BC_SIG_LOCK; -#if BC_ENABLED // Get the right slab. - slabs = p->fidx == BC_PROG_MAIN || p->fidx == BC_PROG_READ || BC_IS_DC ? + slabs = p->fidx == BC_PROG_MAIN || p->fidx == BC_PROG_READ ? &vm.main_const_slab : &vm.other_slabs; -#else // BC_ENABLED - slabs = &vm.main_const_slab; -#endif // BC_ENABLED // Push an empty constant. c = bc_vec_pushEmpty(consts); |
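Review bot: the hunk drops the `#else // BC_ENABLED` fallback (`slabs = &vm.main_const_slab;`) so that a dc-only build (BC_ENABLED undefined) now also reaches `&vm.other_slabs` for non-main functions; that is correct for the bug described in the message, but it only works if `vm.other_slabs` is declared, initialized and freed unconditionally rather than under the same `BC_ENABLED` guard the removed branch implies it once had. Please confirm the vm definitions and the slab init/free paths are not themselves wrapped in `#if BC_ENABLED`, otherwise the dc-only configuration will fail to build or use an uninitialized slab vector. It would also help to check in the AFL++ crash input (a dc script that reuses an identical string twice) as a regression test, since the new selection logic `p->fidx == BC_PROG_MAIN || p->fidx == BC_PROG_READ ?` is now exercised by dc without any test covering it.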