changeset 32197:aa038131581c
VM: Prevent out-of-bounds read (patch #10365).
Prefetching of 'arg0' for single-byte opcodes leads to reading past the end
of the array that stores the opcodes.
* libinterp/parse-tree/pt-bytecode-vm.cc (vm::execute_code): Append dummy
opcode.
| author | Petter T. <petter.vilhelm@gmail.com> |
|---|---|
| date | Sat, 24 Jun 2023 01:19:50 +0200 |
| parents | 4b48ab05ba02 |
| children | 77cda48abf10 |
| files | libinterp/parse-tree/pt-bytecode-walk.cc |
| diffstat | 1 files changed, 5 insertions(+), 1 deletions(-) |
--- a/libinterp/parse-tree/pt-bytecode-walk.cc Thu Jun 15 11:11:37 2023 +0200 +++ b/libinterp/parse-tree/pt-bytecode-walk.cc Sat Jun 24 01:19:50 2023 +0200 @@ -2314,6 +2314,11 @@ // Set the amount of locals that has a placeholder since earlier SET_CODE_SHORT (m_offset_n_locals, m_n_locals); + // When the last byte of opcode, a 'RET', is to be executed, the VM reads the + // next byte of code and puts it in 'arg0'. So, we need to add a dummy + // opcode afterwards to prevent out-of-bounds reads. + PUSH_CODE (INSTR::RET); + // We want to add the locals to the scope in slot order // so we push all the locals' names to a vector by their slot // number @@ -4952,4 +4957,3 @@ PUSH_NEED_CONTINUE_TARGET (CODE_SIZE ()); PUSH_CODE_SHORT (-1); // Placeholder } -
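Review bot: the ChangeLog line in the commit message points at libinterp/parse-tree/pt-bytecode-vm.cc (vm::execute_code), but the first hunk (@@ -2314,6 +2314,11 @@) lands in pt-bytecode-walk.cc, directly after `SET_CODE_SHORT (m_offset_n_locals, m_n_locals);`; the message should name the file and function that actually emits the dummy opcode so the log matches the diff. The new comment is also hard to parse: "When the last byte of opcode, a 'RET', is to be executed" would read better as "When the last opcode, a RET, is executed, the VM prefetches the following byte into 'arg0', so a dummy opcode is appended to keep that prefetch in bounds." It is worth saying explicitly that the dummy RET is never dispatched, only read as 'arg0', so that a later cleanup does not remove it and reintroduce the out-of-bounds read.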
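Review bot: the second hunk (@@ -4952,4 +4957,3 @@) only deletes the trailing blank line at the end of the file (the lone `-` after `PUSH_CODE_SHORT (-1); // Placeholder` and `}`); that is an unrelated whitespace change the commit message does not mention and it pads the diffstat of a single-purpose fix. Either drop it from this changeset or mention it in the message.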
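As an added illustration of the bug class the commit message describes, not code from Octave or from this patch, the following constructed C program models a dispatch loop that prefetches `arg0` for every opcode and shows why a single-byte RET sitting at the very end of the code array makes that prefetch read one byte past the end. The opcode names, the emitter and the `run()` loop are all invented for the example, and the loop flags the out-of-bounds prefetch instead of performing it.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed toy opcodes for this example; not Octave's INSTR values. */
enum { OP_PUSH = 1, OP_ADD = 2, OP_RET = 3 };

typedef struct { uint8_t buf[32]; size_t len; } code_t;

static void push_code(code_t *c, uint8_t b) {
  if (c->len < sizeof c->buf) c->buf[c->len++] = b;
}

/* Emit "40 + 2; return". With padded != 0 a dummy RET follows the real RET,
   mirroring the PUSH_CODE (INSTR::RET) the patch adds; the dummy is never
   executed, it only exists to be read as a prefetched arg0. */
static size_t emit_program(code_t *c, int padded) {
  c->len = 0;
  push_code(c, OP_PUSH); push_code(c, 40);
  push_code(c, OP_PUSH); push_code(c, 2);
  push_code(c, OP_ADD);
  push_code(c, OP_RET);               /* last real opcode, single byte */
  if (padded) push_code(c, OP_RET);   /* dummy opcode */
  return c->len;
}

/* Dispatch loop in the style the commit describes: arg0 is fetched for every
   opcode before the switch, including single-byte ones such as RET. Instead
   of doing the out-of-bounds read, the loop flags it via *oob and stops; this
   is the read a sanitizer reports in the unpatched VM. */
static int run(const uint8_t *code, size_t code_len, int *oob) {
  int stack[4], sp = 0;
  size_t pc = 0;
  *oob = 0;
  while (pc < code_len) {
    uint8_t op = code[pc];
    if (pc + 1 >= code_len) {         /* prefetch would touch code[code_len] */
      *oob = 1;
      return -1;
    }
    uint8_t arg0 = code[pc + 1];
    switch (op) {
      case OP_PUSH: stack[sp++] = arg0; pc += 2; break;
      case OP_ADD:  sp--; stack[sp - 1] += stack[sp]; pc += 1; break;
      case OP_RET:  return stack[sp - 1];
      default:      return -1;
    }
  }
  return -1;
}
```

Without the trailing dummy the run ends in the flagged out-of-bounds prefetch at the RET; with it, the same program returns 42 and the extra RET is never dispatched.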