wingo pushed a commit to branch lightning
in repository guile.
commit 2da31e82fa52411a49b7564cb5cbf4bdb4a0ff2d
Author: pcpa <[email protected]>
Date: Fri Jan 18 18:26:14 2013 -0200
Correct reference to dangling pointer and better note bounds checking
lib/jit_note.c: Correct bounds check and wrong code keeping
a pointer that could be changed after a realloc call.
---
ChangeLog | 5 +++++
lib/jit_note.c | 4 ++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5e96042..84d3c43 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2013-01-18 Paulo Andrade <[email protected]>
+ lib/jit_note.c: Correct bounds check and wrong code keeping
+ a pointer that could be changed after a realloc call.
+
+2013-01-18 Paulo Andrade <[email protected]>
+
* check/3to2.tst, check/add.tst, check/allocai.tst, check/bp.tst,
check/call.tst, check/ccall.c, check/clobber.tst, check/divi.tst,
check/fib.tst, check/ldsti.tst, check/ldstr-c.tst, check/ldstr.tst,
diff --git a/lib/jit_note.c b/lib/jit_note.c
index 08b535d..29bdc3f 100644
--- a/lib/jit_note.c
+++ b/lib/jit_note.c
@@ -195,10 +195,10 @@ _new_note(jit_state_t *_jit, jit_uint8_t *code, char
*name)
_jit->note.ptr = malloc(sizeof(jit_note_t) * 8);
}
else {
- prev = _jit->note.ptr + _jit->note.length - 1;
if ((_jit->note.length & 7) == 7)
_jit->note.ptr = realloc(_jit->note.ptr, sizeof(jit_note_t) *
(_jit->note.length + 9));
+ prev = _jit->note.ptr + _jit->note.length - 1;
}
if (prev) {
assert(code >= prev->code);
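Review bot: The `_jit->note.ptr = realloc(...)` assignment still overwrites the only reference to the note array with the call's result, so on failure the old block leaks and the moved `prev = _jit->note.ptr + _jit->note.length - 1` is computed from a null pointer; that arithmetic is undefined and yields a non-null value for any `length > 1`, so the `if (prev)` guard passes and `prev->code` dereferences garbage. The `malloc` in the other branch is equally unchecked. Assign to a temporary first, `jit_note_t *tmp = realloc(_jit->note.ptr, sizeof(jit_note_t) * (_jit->note.length + 9));`, check `if (tmp == NULL)` and handle it before `_jit->note.ptr = tmp;`, or route both allocations through an abort-on-OOM wrapper if the project has one (none is visible from this hunk). _new_note's body begins and ends outside the hunk, so where `prev` is initialised on the malloc path is not visible here.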
@@ -255,7 +255,7 @@ _note_search_index(jit_state_t *_jit, jit_uint8_t *code)
if (code < notes[index].code)
top = index;
else if (code >= notes[index].code &&
- code - notes[index].code <= notes[index].size)
+ code - notes[index].code < notes[index].size)
break;
else
bot = index + 1;
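Review bot: The corrected `code - notes[index].code < notes[index].size` test keeps the redundant `code >= notes[index].code &&` in front of it; that clause is always true at this point because the preceding `if (code < notes[index].code)` branch already took the other case, so the condition can simply read `else if (code - notes[index].code < notes[index].size)`. Dropping it also makes clear that the difference is non-negative here, which matters because `code - notes[index].code` is a ptrdiff_t and the type of `size` is not visible in the hunk; if `size` is unsigned the comparison converts the difference, which is harmless only while it is non-negative, so a short comment such as `/* difference is >= 0 here; range is [code, code+size) */` would document the invariant. The enclosing search loop of _note_search_index starts and ends outside the hunk.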