From f1e953d0cf7f5669a55b1337a87e646c1262d139 Mon Sep 17 00:00:00 2001
From: "Kartik K. Agaram"
Date: Wed, 22 Apr 2015 22:34:34 -0700
Subject: 1146 - yet another out-of-bounds access

There's a test in this commit, but it doesn't actually fail, because by some accident the memory at index 2 of recipe 'f' has data at the is_label offset and breaks out of the loop. Graah. How did I ever misplace that "Reading One Instruction" waypoint? I could swear I was concerned about this possibility when I implemented calls. Today has been tough on my confidence. STL helps avoid memory leaks but doesn't help with buffer overflows nearly as much as I thought. Oh brilliant, valgrind caught the problem! And there weren't any others. I feel much better.
---
 cpp/035call | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

(limited to 'cpp/035call')

diff --git a/cpp/035call b/cpp/035call
index efb4a2a7..d5867f80 100644
--- a/cpp/035call
+++ b/cpp/035call
@@ -9,6 +9,24 @@ recipe f [
 ]
 +mem: storing 4 in location 3
 
+:(scenario "return_on_fallthrough")
+recipe main [
+ f
+ 1:integer <- copy 34:literal
+ 2:integer <- copy 34:literal
+ 3:integer <- copy 34:literal
+]
+recipe f [
+ 4:integer <- copy 34:literal
+ 5:integer <- copy 34:literal
+]
++run: instruction main/0
++run: instruction f/0
++run: instruction f/1
++run: instruction main/1
++run: instruction main/2
++run: instruction main/3
+
 :(before "struct routine {")
 // Everytime a recipe runs another, we interrupt it and start running the new
 // recipe. When that finishes, we continue this one where we left off.
@@ -65,15 +83,18 @@ inline bool done(routine& rr) {
 return rr.calls.empty();
 }
 
-:(before "Running one instruction")
+:(before "Running One Instruction")
 // when we reach the end of one call, we may reach the end of the one below
 // it, and the one below that, and so on
+//? trace("foo") << "0: " << pc << " " << &pc; //? 1
 while (running_at(rr) >= steps(rr).size()) {
+//? trace("foo") << "pop"; //? 1
 rr.calls.pop();
 if (rr.calls.empty()) return;
 // todo: no results returned warning
 ++running_at(rr);
 }
+//? trace("foo") << "1: " << pc << " " << &pc; //? 1
 
 :(before "End Includes")
 #include
--
cgit 1.4.1-2-gfad0
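Review bot: The whole fix is a change of case in a waypoint name, `:(before "Running one instruction")` to `:(before "Running One Instruction")`, which suggests the tangler accepted a directive whose target waypoint did not exist and dropped the call-unwinding loop without complaint; unless the tangler (outside this file) is made to fail on an unmatched waypoint, the next mistyped name silently reintroduces the same out-of-bounds read. The fetch that indexes `steps(rr)` by `running_at(rr)` is not in this hunk either, but a bounds assertion at that access, `assert(running_at(rr) < steps(rr).size());`, would turn the read past the end into a deterministic failure, which is also what gives the `return_on_fallthrough` scenario in the first hunk teeth: as the commit message itself notes, its `+run:` expectations are currently met with and without the fix, so it cannot catch a regression. The three added `//? trace(...)` lines reference `pc`, which nothing in this hunk declares; if `//?` is the project's toggled-debug convention they are presumably harmless, otherwise they should not land together with the fix.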