Check before retrieving struct RRange pointer; fix #3320

range->edges may be NULL for example when #initialize_copy removed.
mruby · Dec 3, 2016 · 79a621dd739faf4cc0958e11d6a887331cf79e48 · 79a621d
1 parent 9776150
commit 79a621dd739faf4cc0958e11d6a887331cf79e48
Unified Split

Showing with 30 additions and 18 deletions.

+2 −1 include/mruby/range.h

+3 −3 mrbgems/mruby-range-ext/src/range.c

+25 −14 src/range.c
diff --git a/include/mruby/range.h b/include/mruby/range.h
@@ -25,7 +25,8 @@ struct RRange {
  mrb_bool excl : 1;
 };

-#define mrb_range_ptr(v)    ((struct RRange*)(mrb_ptr(v)))
+MRB_API struct RRange* mrb_range_ptr(mrb_state *mrb, mrb_value v);
+#define mrb_range_raw_ptr(v) ((struct RRange*)mrb_ptr(v))
 #define mrb_range_value(p)  mrb_obj_value((void*)(p))

 /*
diff --git a/mrbgems/mruby-range-ext/src/range.c b/mrbgems/mruby-range-ext/src/range.c
@@ -44,7 +44,7 @@ static mrb_value
 mrb_range_cover(mrb_state *mrb, mrb_value range)
 {
  mrb_value val;
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);
  mrb_value beg, end;

  mrb_get_args(mrb, "o", &val);
@@ -87,7 +87,7 @@ mrb_range_last(mrb_state *mrb, mrb_value range)
 {
  mrb_value num;
  mrb_value array;
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);

  if (mrb_get_args(mrb, "|o", &num) == 0) {
    return r->edges->end;
@@ -111,7 +111,7 @@ mrb_range_last(mrb_state *mrb, mrb_value range)
 static mrb_value
 mrb_range_size(mrb_state *mrb, mrb_value range)
 {
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);
  mrb_value beg, end;
  mrb_float beg_f, end_f;
  mrb_bool num_p = TRUE;
diff --git a/src/range.c b/src/range.c
@@ -12,6 +12,17 @@

 #define RANGE_CLASS (mrb_class_get(mrb, "Range"))

+MRB_API struct RRange*
+mrb_range_ptr(mrb_state *mrb, mrb_value v)
+{
+  struct RRange *r = (struct RRange*)mrb_ptr(v);
+
+  if (r->edges == NULL) {
+    mrb_raise(mrb, E_ARGUMENT_ERROR, "uninitialized range");
+  }
+  return r;
+}
+
 static void
 range_check(mrb_state *mrb, mrb_value a, mrb_value b)
 {
@@ -57,7 +68,7 @@ mrb_range_new(mrb_state *mrb, mrb_value beg, mrb_value end, mrb_bool excl)
 mrb_value
 mrb_range_beg(mrb_state *mrb, mrb_value range)
 {
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);

  return r->edges->beg;
 }
@@ -76,7 +87,7 @@ mrb_range_beg(mrb_state *mrb, mrb_value range)
 mrb_value
 mrb_range_end(mrb_state *mrb, mrb_value range)
 {
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);

  return r->edges->end;
 }
@@ -90,15 +101,15 @@ mrb_range_end(mrb_state *mrb, mrb_value range)
 mrb_value
 mrb_range_excl(mrb_state *mrb, mrb_value range)
 {
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);

  return mrb_bool_value(r->excl);
 }

 static void
 range_init(mrb_state *mrb, mrb_value range, mrb_value beg, mrb_value end, mrb_bool exclude_end)
 {
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_raw_ptr(range);

  range_check(mrb, beg, end);
  r->excl = exclude_end;
@@ -129,7 +140,7 @@ mrb_range_initialize(mrb_state *mrb, mrb_value range)
    exclusive = FALSE;
  }
  /* Ranges are immutable, so that they should be initialized only once. */
-  if (mrb_range_ptr(range)->edges) {
+  if (mrb_range_raw_ptr(range)->edges) {
    mrb_name_error(mrb, mrb_intern_lit(mrb, "initialize"), "`initialize' called twice");
  }
  range_init(mrb, range, beg, end, exclusive);
@@ -164,8 +175,8 @@ mrb_range_eq(mrb_state *mrb, mrb_value range)
    return mrb_false_value();
  }

-  rr = mrb_range_ptr(range);
-  ro = mrb_range_ptr(obj);
+  rr = mrb_range_ptr(mrb, range);
+  ro = mrb_range_ptr(mrb, obj);
  v1 = mrb_funcall(mrb, rr->edges->beg, "==", 1, ro->edges->beg);
  v2 = mrb_funcall(mrb, rr->edges->end, "==", 1, ro->edges->end);
  if (!mrb_bool(v1) || !mrb_bool(v2) || rr->excl != ro->excl) {
@@ -222,7 +233,7 @@ mrb_value
 mrb_range_include(mrb_state *mrb, mrb_value range)
 {
  mrb_value val;
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);
  mrb_value beg, end;
  mrb_bool include_p;

@@ -241,7 +252,7 @@ static mrb_bool
 range_beg_len(mrb_state *mrb, mrb_value range, mrb_int *begp, mrb_int *lenp, mrb_int len, mrb_bool trunc)
 {
  mrb_int beg, end;
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);

  if (mrb_type(range) != MRB_TT_RANGE) return FALSE;

@@ -287,7 +298,7 @@ static mrb_value
 range_to_s(mrb_state *mrb, mrb_value range)
 {
  mrb_value str, str2;
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);

  str  = mrb_obj_as_string(mrb, r->edges->beg);
  str2 = mrb_obj_as_string(mrb, r->edges->end);
@@ -312,7 +323,7 @@ static mrb_value
 range_inspect(mrb_state *mrb, mrb_value range)
 {
  mrb_value str, str2;
-  struct RRange *r = mrb_range_ptr(range);
+  struct RRange *r = mrb_range_ptr(mrb, range);

  str  = mrb_inspect(mrb, r->edges->beg);
  str2 = mrb_inspect(mrb, r->edges->end);
@@ -352,8 +363,8 @@ range_eql(mrb_state *mrb, mrb_value range)
  }
  if (mrb_type(obj) != MRB_TT_RANGE) return mrb_false_value();

-  r = mrb_range_ptr(range);
-  o = mrb_range_ptr(obj);
+  r = mrb_range_ptr(mrb, range);
+  o = mrb_range_ptr(mrb, obj);
  if (!mrb_eql(mrb, r->edges->beg, o->edges->beg) ||
      !mrb_eql(mrb, r->edges->end, o->edges->end) ||
      (r->excl != o->excl)) {
@@ -376,7 +387,7 @@ range_initialize_copy(mrb_state *mrb, mrb_value copy)
    mrb_raise(mrb, E_TYPE_ERROR, "wrong argument class");
  }

-  r = mrb_range_ptr(src);
+  r = mrb_range_ptr(mrb, src);
  range_init(mrb, copy, r->edges->beg, r->edges->end, r->excl);

  return copy;