
Fix segfault when undef is called with exactly 127 arguments

The issue is that when there are more than 126 arguments, an array needs
to be created to pass the arguments along.

Reported by https://hackerone.com/revskills
bouk committed Dec 7, 2016
1 parent db6b6ff commit c8da3c4df4f8cb6f6d00c70e75606c59f9888509
Showing with 30 additions and 2 deletions.
  1. +20 −2 mrbgems/mruby-compiler/core/codegen.c
  2. +10 −0 test/t/codegen.rb
@@ -2560,13 +2560,31 @@ codegen(codegen_scope *s, node *tree, int val)
genop(s, MKOP_A(OP_TCLASS, cursp()));
push();
while (t) {
int symbol = new_msym(s, sym(t->car));
int symbol;
if (num >= CALL_MAXARGS - 1) {
pop_n(num);
genop(s, MKOP_ABC(OP_ARRAY, cursp(), cursp(), num));
while (t) {
symbol = new_msym(s, sym(t->car));
push();
genop(s, MKOP_ABx(OP_LOADSYM, cursp(), symbol));
pop();
genop(s, MKOP_AB(OP_ARYPUSH, cursp(), cursp()+1));
t = t->cdr;
}
num = CALL_MAXARGS;
break;
}
symbol = new_msym(s, sym(t->car));
genop(s, MKOP_ABx(OP_LOADSYM, cursp(), symbol));
push();
t = t->cdr;
num++;
}
pop_n(num + 1);
pop();
if (num < CALL_MAXARGS) {
pop_n(num);
}
genop(s, MKOP_ABC(OP_SEND, cursp(), undef, num));
if (val) {
push();
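Review bot: The new branch uses `num == CALL_MAXARGS` as an in-band signal but never says so. `num = CALL_MAXARGS;` and the later `if (num < CALL_MAXARGS)` only make sense if OP_SEND reads that operand value as "arguments are packed in one array" rather than as a count, which is presumably how a literal count of 127 ended in the segfault named in the title. A comment above `if (num >= CALL_MAXARGS - 1)` would pin the contract, e.g. `/* argc == CALL_MAXARGS tells OP_SEND the args are in an array; pack before a literal count can reach it */`. A second one on the final `pop();` should note that the array path has already released the argument registers through its own `pop_n(num)`. The enclosing case in codegen() starts and ends outside the hunk, so whether the function's other argument-counting loops guard the same sentinel cannot be checked from here.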
@@ -63,3 +63,13 @@ def args_to_ary(*args)
assert_equal [1], a
end
assert('undef with 127 or more arguments') do
assert_raise NameError do
undef
a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a,
a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a,
a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a,
a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a, a
end
end
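Review bot: The test is named 'undef with 127 or more arguments', but by my count the list holds exactly 127 symbols, so the array-packing path runs with a single leftover argument and the "or more" part is never exercised. Either rename it to `assert('undef with exactly 127 arguments')` or add sibling cases, e.g. `assert('undef with 126 arguments')` for the last count that should still go through registers and `assert('undef with 128 arguments')` so the push loop iterates more than once. Because the original failure was a crash in generated code rather than a wrong result, covering both sides of the boundary is what stops an off-by-one from slipping back in.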
