Permalink
Browse files

Fix buffer overrun.

The code relied on the check being done higher up, which it isn't any
more.
  • Loading branch information...
1 parent 6c4dc29 commit 6bd6a25aa06dc327c90b3d897b7c90d19e37524d @jnthn jnthn committed Mar 13, 2013
Showing with 8 additions and 0 deletions.
  1. +8 −0 src/guts/multi_dispatch.c
@@ -27,6 +27,10 @@ PMC * find_in_cache(PARROT_INTERP, NQP_md_cache *cache, PMC *capture, INTVAL num
/* If it's zero-arity, return result right off. */
if (num_args == 0)
return cache->zero_arity;
+
+ /* If there's more args than the maximum, won't be in the cache. */
+ if (num_args > MD_CACHE_MAX_ARITY)
+ return NULL;
/* Create arg tuple. */
if (capture->vtable->base_type == enum_class_CallContext)
@@ -89,6 +93,10 @@ void add_to_cache(PARROT_INTERP, NQP_md_cache *cache, PMC *capture, INTVAL num_a
return;
}
+ /* If there's more args than the maximum, we can't cache it. */
+ if (num_args > MD_CACHE_MAX_ARITY)
+ return;
+
/* If the cache is saturated, don't do anything (we could instead do a random
* replacement). */
entries = cache->arity_caches[num_args - 1].num_entries;

0 comments on commit 6bd6a25

Please sign in to comment.