From 2da31e82fa52411a49b7564cb5cbf4bdb4a0ff2d Mon Sep 17 00:00:00 2001
From: pcpa
Date: Fri, 18 Jan 2013 18:26:14 -0200
Subject: [PATCH] Correct reference to dangling pointer and better note bounds checking

lib/jit_note.c: Correct bounds check and wrong code keeping a pointer that could be changed after a realloc call.
---
 ChangeLog | 5 +++++
 lib/jit_note.c | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5e960428a..84d3c4391 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-01-18 Paulo Andrade + + lib/jit_note.c: Correct bounds check and wrong code keeping + a pointer that could be changed after a realloc call. + 2013-01-18 Paulo Andrade + * check/3to2.tst, check/add.tst, check/allocai.tst, check/bp.tst,
diff --git a/lib/jit_note.c b/lib/jit_note.c
index 08b535d25..29bdc3f55 100644
--- a/lib/jit_note.c
+++ b/lib/jit_note.c
@@ -195,10 +195,10 @@ _new_note(jit_state_t *_jit, jit_uint8_t *code, char *name)
 _jit->note.ptr = malloc(sizeof(jit_note_t) * 8);
 }
 else {
- prev = _jit->note.ptr + _jit->note.length - 1;
 if ((_jit->note.length & 7) == 7)
 _jit->note.ptr = realloc(_jit->note.ptr,
 sizeof(jit_note_t) * (_jit->note.length + 9));
+ prev = _jit->note.ptr + _jit->note.length - 1;
 }
 if (prev) {
 assert(code >= prev->code);
@@ -255,7 +255,7 @@ _note_search_index(jit_state_t *_jit, jit_uint8_t *code)
 if (code < notes[index].code)
 top = index;
 else if (code >= notes[index].code &&
- code - notes[index].code <= notes[index].size)
+ code - notes[index].code < notes[index].size)
 break;
 else
 bot = index + 1;
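Review bot: The `realloc` result on the context line inside the `else {` branch is still assigned straight to `_jit->note.ptr` with no NULL check, so on allocation failure the old note array is leaked and the moved `prev = _jit->note.ptr + _jit->note.length - 1;` computes a pointer from NULL that `if (prev)` then treats as valid before `assert(code >= prev->code)` dereferences it; the `malloc` on the first context line is equally unchecked. Moving the `prev` computation after the `realloc` does fix the dangling pointer the commit describes, but the unchecked result leaves a failure path that ends in an invalid dereference rather than a reported error. I would take the result into a temporary and apply the project's out-of-memory policy before overwriting the pointer, e.g. `jit_note_t *tmp = realloc(_jit->note.ptr, sizeof(jit_note_t) * (_jit->note.length + 9));`, `if (tmp == NULL) /* project OOM handling here */;`, `_jit->note.ptr = tmp;`. `_new_note` starts before and continues past this hunk, so I cannot see whether a later line already guards against a NULL `_jit->note.ptr`.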
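Review bot: The `code >= notes[index].code` conjunct on the `else if` line is redundant once the preceding `if (code < notes[index].code)` branch has not been taken, so the condition can read simply `else if (code - notes[index].code < notes[index].size)`; dropping it also makes the half-open range the new `<` expresses easier to see. A short comment such as `/* a note covers [code, code + size) */` above the comparison would record why `<` rather than `<=` is the right bound and keep the next reader from "fixing" it back. `_note_search_index` starts before and continues past this hunk.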