
[Emacs-diffs] emacs-25 d443710: Do more checks on bytecode objects (Bug#


From: Andreas Schwab
Subject: [Emacs-diffs] emacs-25 d443710: Do more checks on bytecode objects (Bug#21929)
Date: Mon, 16 Nov 2015 23:19:23 +0000

branch: emacs-25
commit d443710169d98e73869247fd80e27914f25b784e
Author: Andreas Schwab <address@hidden>
Commit: Andreas Schwab <address@hidden>

    Do more checks on bytecode objects (Bug#21929)
    
    * src/eval.c (funcall_lambda): Check size of compiled function
    object.
    (Ffetch_bytecode): Likewise.
---
 src/eval.c |   29 +++++++++++++++++++----------
 1 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/src/eval.c b/src/eval.c
index ac98ca1..d460048 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -2792,6 +2792,9 @@ funcall_lambda (Lisp_Object fun, ptrdiff_t nargs,
     }
   else if (COMPILEDP (fun))
     {
+      ptrdiff_t size = ASIZE (fun) & PSEUDOVECTOR_SIZE_MASK;
+      if (size <= COMPILED_STACK_DEPTH)
+       xsignal1 (Qinvalid_function, fun);
       syms_left = AREF (fun, COMPILED_ARGLIST);
       if (INTEGERP (syms_left))
        /* A byte-code object with a non-nil `push args' slot means we
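Review bot: The guard `size <= COMPILED_STACK_DEPTH` carries no comment explaining why that constant is the bound, and the same two-line check is repeated in Ffetch_bytecode in the next hunk. It appears to rely on COMPILED_STACK_DEPTH being the highest slot index that must exist before the AREF on COMPILED_ARGLIST and later slot reads. A comment such as `/* Reject truncated byte-code objects: every slot up to COMPILED_STACK_DEPTH must exist. */` would make that ordering dependency explicit. A small static helper shared by both sites would keep the two checks from drifting apart. funcall_lambda begins and ends outside this hunk, so the later slot accesses are not visible here.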
@@ -2889,19 +2892,25 @@ DEFUN ("fetch-bytecode", Ffetch_bytecode, 
Sfetch_bytecode,
 {
   Lisp_Object tem;
 
-  if (COMPILEDP (object) && CONSP (AREF (object, COMPILED_BYTECODE)))
+  if (COMPILEDP (object))
     {
-      tem = read_doc_string (AREF (object, COMPILED_BYTECODE));
-      if (!CONSP (tem))
+      ptrdiff_t size = ASIZE (object) & PSEUDOVECTOR_SIZE_MASK;
+      if (size <= COMPILED_STACK_DEPTH)
+       xsignal1 (Qinvalid_function, object);
+      if (CONSP (AREF (object, COMPILED_BYTECODE)))
        {
-         tem = AREF (object, COMPILED_BYTECODE);
-         if (CONSP (tem) && STRINGP (XCAR (tem)))
-           error ("Invalid byte code in %s", SDATA (XCAR (tem)));
-         else
-           error ("Invalid byte code");
+         tem = read_doc_string (AREF (object, COMPILED_BYTECODE));
+         if (!CONSP (tem))
+           {
+             tem = AREF (object, COMPILED_BYTECODE);
+             if (CONSP (tem) && STRINGP (XCAR (tem)))
+               error ("Invalid byte code in %s", SDATA (XCAR (tem)));
+             else
+               error ("Invalid byte code");
+           }
+         ASET (object, COMPILED_BYTECODE, XCAR (tem));
+         ASET (object, COMPILED_CONSTANTS, XCDR (tem));
        }
-      ASET (object, COMPILED_BYTECODE, XCAR (tem));
-      ASET (object, COMPILED_CONSTANTS, XCDR (tem));
     }
   return object;
 }
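Review bot: After read_doc_string returns a cons, `XCAR (tem)` and `XCDR (tem)` are stored into the COMPILED_BYTECODE and COMPILED_CONSTANTS slots with no type check. A malformed doc-file entry can therefore still leave a non-string bytecode slot or a non-vector constants slot in the object. The size check added at the top of the block only rejects truncated objects. Tightening the test to `if (! (CONSP (tem) && STRINGP (XCAR (tem)) && VECTORP (XCDR (tem))))` would send that case through the existing "Invalid byte code" error path. Whether the byte-code interpreter re-validates these slots before use is not visible in this hunk.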


