
Mercurial > hg > plan9front / changeset: gs: fix missing type check in ztype (thanks jsmoody)

changeset 7254: 03b53375c4f5
parent 7253: 986e26228cfe
child 7255: 9e9a8e0c78f1
author: cinap_lenrek@felloff.net
date: Fri, 24 May 2019 14:17:18 +0200
files: sys/src/cmd/gs/src/ztype.c
description: gs: fix missing type check in ztype (thanks jsmoody)

to reproduce:

gs <<.
null [[][][][][][][][][][][][][][][]] .type
.
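--- a/sys/src/cmd/gs/src/ztype.c
+++ b/sys/src/cmd/gs/src/ztype.c
@@ -77,14 +77,15 @@ ztype(i_ctx_t *i_ctx_p)
 	/* Must be either a stack underflow or a t_[a]struct. */
 	check_op(2);
 	{			/* Get the type name from the structure. */
-	    const char *sname =
-		gs_struct_type_name_string(gs_object_type(imemory,
-							  op[-1].value.pstruct));
-	    int code = name_ref(imemory, (const byte *)sname, strlen(sname),
-				(ref *) (op - 1), 0);
-
-	    if (code < 0)
-		return code;
+	    if ((r_has_type(&op[-1], t_struct) || r_has_type(&op[-1], t_astruct))
+	    && op[-1].value.pstruct != 0x00) {
+		const char *sname =
+		    gs_struct_type_name_string(gs_object_type(imemory, op[-1].value.pstruct));
+		code = name_ref(imemory, (const byte *)sname, strlen(sname), (ref *) (op - 1), 0);
+		if (code < 0)
+		    return code;
+	    } else
+		return_error(e_stackunderflow);
 	}
 	r_set_attrs(op - 1, a_executable);
     } else {
@@ -350,6 +351,8 @@ zcvrs(i_ctx_t *i_ctx_p)
 		    pop(2);
 		    return 0;
 		}
+	    case t__invalid:
+		return_error(e_stackunderflow);
 	    default:
 		return_op_typecheck(op - 2);
 	}
@@ -371,6 +374,8 @@ zcvrs(i_ctx_t *i_ctx_p)
 			return_error(e_rangecheck);
 		    ival = (ulong) (long)fval;
 		} break;
+	    case t__invalid:
+		return_error(e_stackunderflow);
 	    default:
 		return_op_typecheck(op - 2);
 	}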
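Review bot: The new `else` branch in ztype returns `e_stackunderflow` for every operand that is not a non-null t_struct/t_astruct, even though `check_op(2)` has already run just above it. A present but wrong-typed operand, as in the `null [...] .type` reproducer, is therefore reported as an underflow; `return_op_typecheck(op - 1);`, the form zcvrs uses in this same file, would presumably describe that case more accurately. The guard is the security-relevant line and deserves its own comment, for example `/* value.pstruct is only meaningful for t_struct/t_astruct refs; the type-name array is supplied by the PostScript program, so other ref types can reach this branch */`. `code` is now assigned without the `int` declaration that the removed lines carried, and ztype begins outside the hunk, so it is worth confirming that a function-scope `code` is declared there. The null test `!= 0x00` on a pointer would read more clearly as `!= 0`.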