kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

yjit_codegen.c: Prevent a possible out-of-bound access

Browse source 
The code attempts to read `C_ARG_REGS[leaf_builtin->argc + 1]`, and the
size of `C_ARG_REGS` is `NUM_C_ARG_REGS`.  So, the guard condition must
be `leaf_builtin->argc + 1 + 1 <= NUM_C_ARG_REGS`.

This change fixes the off-by-one error. This issue was found by Coverity
Scan.
This commit is contained in:
Yusuke Endoh 2022-02-17 00:36:08 +09:00
parent fabf60c93b
commit 5f01fba001
Notes: git 2022-02-17 01:44:22 +09:00
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
yjit_codegen.c
View file

@ -3702,7 +3702,7 @@ gen_send_iseq(jitstate_t *jit, ctx_t *ctx, const struct rb_callinfo *ci, const r
const struct rb_builtin_function *leaf_builtin = rb_leaf_builtin_function(iseq);
if (leaf_builtin && !block && leaf_builtin->argc + 1 <= NUM_C_ARG_REGS) {
if (leaf_builtin && !block && leaf_builtin->argc + 1 /* for self */ + 1 /* for ec */ <= NUM_C_ARG_REGS) {
ADD_COMMENT(cb, "inlined leaf builtin");
// Call the builtin func (ec, recv, arg1, arg2, ...)