Error checking in bytecode reader.

Found by:
    fuzz.rkt -s 912673274  -f collects/setup/compiled/xref_rkt.zo
    fuzz.rkt -s 568444835  -f collects/syntax/scribblings/compiled/strip-context_scrbl.zo
    fuzz.rkt -s 1009851773 -f collects/mred/private/wx/cocoa/compiled/platform_rkt.zo
Sam Tobin-Hochstadt 2012-06-19 13:02:21 -04:00
parent 19de3f9aa4
commit ac0bb2b98f
2 changed files with 10 additions and 2 deletions


@ -1432,6 +1432,7 @@ static Scheme_Object *read_module(Scheme_Object *obj)
obj = SCHEME_CDR(obj); obj = SCHEME_CDR(obj);
nve = scheme_null; nve = scheme_null;
while (!SCHEME_NULLP(e)) { while (!SCHEME_NULLP(e)) {
if (!SCHEME_PAIRP(e)) return_NULL();
ne = read_module(SCHEME_CAR(e)); ne = read_module(SCHEME_CAR(e));
nve = scheme_make_pair(ne, nve); nve = scheme_make_pair(ne, nve);
e = SCHEME_CDR(e); e = SCHEME_CDR(e);
@ -1484,8 +1485,8 @@ static Scheme_Object *read_module(Scheme_Object *obj)
cnt = SCHEME_INT_VAL(SCHEME_CAR(obj)); cnt = SCHEME_INT_VAL(SCHEME_CAR(obj));
obj = SCHEME_CDR(obj); obj = SCHEME_CDR(obj);
if (cnt < 1) return_NULL(); if (cnt < 1 || cnt > 1000) return_NULL();
m->num_phases = cnt; m->num_phases = cnt;
exp_infos = MALLOC_N(Scheme_Module_Export_Info *, cnt); exp_infos = MALLOC_N(Scheme_Module_Export_Info *, cnt);
while (cnt--) { while (cnt--) {
@ -1499,6 +1500,8 @@ static Scheme_Object *read_module(Scheme_Object *obj)
if (!SCHEME_PAIRP(obj)) return_NULL(); if (!SCHEME_PAIRP(obj)) return_NULL();
cnt = SCHEME_INT_VAL(SCHEME_CAR(obj)); cnt = SCHEME_INT_VAL(SCHEME_CAR(obj));
obj = SCHEME_CDR(obj); obj = SCHEME_CDR(obj);
if (cnt < 1 || cnt > 1000) return_NULL();
while (cnt--) { while (cnt--) {
Scheme_Object *phase; Scheme_Object *phase;
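Review bot: In the first hunk's loop the result of the recursive `read_module(SCHEME_CAR(e))` call is consed onto `nve` without being checked, so a malformed nested module that makes the inner call bail out through `return_NULL()` (presumably yielding NULL) would leave a null entry in the list for later code to trip over. The added `SCHEME_PAIRP(e)` test only covers the shape of the list, not the outcome of reading each element. Consider adding `if (!ne) return_NULL();` directly after the call. read_module starts and ends outside these hunks, so a later check may exist, but none is visible between the call and `scheme_make_pair`.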


@ -5106,8 +5106,13 @@ static void read_module_directory(Scheme_Object *port, Scheme_Hash_Table *ht, in
"read (compiled): multi-module directory tree is imbalanced"); "read (compiled): multi-module directory tree is imbalanced");
len = read_simple_number_from_port(port); len = read_simple_number_from_port(port);
if (len < 0)
scheme_read_err(port, NULL, -1, -1, -1, -1, 0, NULL,
"read (compiled): directory module name read failed");
s = scheme_malloc_atomic(len + 1); s = scheme_malloc_atomic(len + 1);
got = scheme_get_bytes(port, len, s, 0); got = scheme_get_bytes(port, len, s, 0);
if (got != len) if (got != len)
v = NULL; v = NULL;
else { else {