Module Name: src
Committed By: rillig
Date: Wed Jun 14 17:52:46 UTC 2023
Modified Files:
src/usr.bin/indent: parse.c
Log Message:
indent: fix out-of-bounds read when reducing a statement
Since parse.c 1.73 from today. The parser symbol psym_stmt_list that was
removed in that commit acted as a stop symbol, so that psyms_reduce_stmt
would save a memory access.
To generate a diff of this commit:
cvs rdiff -u -r1.74 -r1.75 src/usr.bin/indent/parse.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/indent/parse.c
diff -u src/usr.bin/indent/parse.c:1.74 src/usr.bin/indent/parse.c:1.75
--- src/usr.bin/indent/parse.c:1.74 Wed Jun 14 16:14:30 2023
+++ src/usr.bin/indent/parse.c Wed Jun 14 17:52:45 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.c,v 1.74 2023/06/14 16:14:30 rillig Exp $ */
+/* $NetBSD: parse.c,v 1.75 2023/06/14 17:52:45 rillig Exp $ */
/*-
* SPDX-License-Identifier: BSD-4-Clause
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: parse.c,v 1.74 2023/06/14 16:14:30 rillig Exp $");
+__RCSID("$NetBSD: parse.c,v 1.75 2023/06/14 17:52:45 rillig Exp $");
#include <err.h>
@@ -116,7 +116,7 @@ static void
psyms_reduce(struct psym_stack *psyms)
{
again:
- if (psyms->sym[psyms->len - 1] == psym_stmt
+ if (psyms->len >= 2 && psyms->sym[psyms->len - 1] == psym_stmt
&& psyms_reduce_stmt(psyms))
goto again;
if (psyms->sym[psyms->len - 1] == psym_while_expr &&
