Buffer overflow when optimising `or` nodes
jeberger opened this issue · 1 comments
jeberger commented
gcc's `-fsanitize=address` option reports a buffer overflow in `mpc_optimise` for `or` nodes. Moreover, it looks like the optimisation keeps some child nodes twice and forgets some others. The following patch fixes both issues:
--- a/mpc.c Tue Mar 13 15:20:47 2018 +0100
+++ b/mpc.c Wed Mar 14 10:00:22 2018 +0100
@@ -3725,7 +3725,7 @@
n = p->data.or.n; m = t->data.or.n;
p->data.or.n = n + m - 1;
p->data.or.xs = realloc(p->data.or.xs, sizeof(mpc_parser_t*) * (n + m -1));
- memmove(p->data.or.xs + m, t->data.or.xs + 1, n * sizeof(mpc_parser_t*));
+ memmove(p->data.or.xs + m, p->data.or.xs + 1, (n - 1) * sizeof(mpc_parser_t*));
memmove(p->data.or.xs, t->data.or.xs, m * sizeof(mpc_parser_t*));
free(t->data.or.xs); free(t->name); free(t);
continue;
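Review bot: The corrected `memmove` on the `+` line is the right fix: the elements being shifted are p's own remaining children, so the source must be `p->data.or.xs + 1` with a count of `n - 1`, whereas the removed line read `n` entries starting at `t->data.or.xs + 1` (past the end of t's m-element array) and overwrote p's children instead of moving them, which is exactly the overflow plus the duplicated/lost nodes described above. One further thing to address in the same hunk: `p->data.or.xs = realloc(p->data.or.xs, ...)` assigns the result directly, so if `realloc` fails the original buffer is leaked and the following `memmove` writes through a NULL pointer; assign to a temporary and check it before the two moves. Note also that the order is load-bearing: the buffer must be grown to `n + m - 1` entries before the shift writes up to `p->data.or.xs + m + n - 2`, so keep the `realloc` above the `memmove` calls.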
orangeduck commented
Hi jeberger,
Thank you for your two patches - both look good - would you be interested in opening these as pull requests?
Thanks,
Dan
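The child-array layout the patched code produces, as an added stand-alone example (not mpc's code; `or_node`, `or_flatten` and `demo_flatten` are names made up here, and the struct is a constructed stand-in for `mpc_parser_t`'s `data.or` fields): p = or(t, a, b) with t = or(x, y) is flattened to or(x, y, a, b), and the test checks that no child is lost or duplicated.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an mpc `or` node: n children in xs.
 * Leaves have n == 0 and xs == NULL. */
typedef struct or_node {
    int n;
    struct or_node **xs;
} or_node;

/* Merge the children of t (assumed to be p->xs[0]) into p, giving the
 * layout [ t->xs[0..m-1], p->xs[1..n-1] ] that the fixed memmove pair
 * produces. Returns 0 on success, -1 if realloc fails (p is untouched,
 * unlike the unchecked assignment in the original code). */
int or_flatten(or_node *p, or_node *t) {
    int n = p->n, m = t->n;
    or_node **xs = realloc(p->xs, sizeof(or_node *) * (n + m - 1));
    if (!xs) return -1;
    p->xs = xs;
    p->n = n + m - 1;
    /* Grow first, then shift p's remaining n-1 children right to index m. */
    memmove(p->xs + m, p->xs + 1, (n - 1) * sizeof(or_node *));
    /* Copy t's m children into the front, overwriting the slot that held t. */
    memmove(p->xs, t->xs, m * sizeof(or_node *));
    free(t->xs);
    free(t);
    return 0;
}

static or_node *leaf(void) { return calloc(1, sizeof(or_node)); }

/* Builds p = or(t, a, b), t = or(x, y); returns 1 when the flattened p is
 * or(x, y, a, b) with exactly four children in that order. */
int demo_flatten(void) {
    or_node *x = leaf(), *y = leaf(), *a = leaf(), *b = leaf();
    or_node *t = leaf(), *p = leaf();
    t->n = 2; t->xs = malloc(2 * sizeof(or_node *)); t->xs[0] = x; t->xs[1] = y;
    p->n = 3; p->xs = malloc(3 * sizeof(or_node *));
    p->xs[0] = t; p->xs[1] = a; p->xs[2] = b;
    int ok = or_flatten(p, t) == 0 && p->n == 4 &&
             p->xs[0] == x && p->xs[1] == y && p->xs[2] == a && p->xs[3] == b;
    free(p->xs); free(p); free(x); free(y); free(a); free(b);
    return ok;
}
```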