Susumu Yata
null+****@clear*****
Mon Nov 20 14:08:37 JST 2017
Susumu Yata 2017-11-20 14:08:37 +0900 (Mon, 20 Nov 2017) New Revision: 3e5e211e046f9e98fe319537753d4a209744e46c https://github.com/groonga/groonga/commit/3e5e211e046f9e98fe319537753d4a209744e46c Message: expr: fix a bug that in_values with too many arguments can cause a crash GitHub: fix #780 Modified files: lib/expr.c Modified: lib/expr.c (+2 -0) =================================================================== --- lib/expr.c 2017-11-17 11:48:11 +0900 (810ac5a35) +++ lib/expr.c 2017-11-20 14:08:37 +0900 (41e49ec3f) @@ -1508,6 +1508,7 @@ grn_proc_call(grn_ctx *ctx, grn_obj *proc, int nargs, grn_obj *caller) if (vp - e->values > e->values_tail) { e->values_tail = vp - e->values; }\ }\ s1 = s0;\ + if (sp >= s_ + GRN_STACK_SIZE) { ERR(GRN_INVALID_ARGUMENT, "stack overflow"); goto exit; }\ *sp++ = s0 = v;\ } while (0) @@ -1522,6 +1523,7 @@ grn_proc_call(grn_ctx *ctx, grn_obj *proc, int nargs, grn_obj *caller) #define ALLOC1(value) do {\ s1 = s0;\ + if (sp >= s_ + GRN_STACK_SIZE) { ERR(GRN_INVALID_ARGUMENT, "stack overflow"); goto exit; }\ *sp++ = s0 = value = vp++;\ if (vp - e->values > e->values_tail) { e->values_tail = vp - e->values; }\ } while (0) -------------- next part -------------- HTML����������������������������... URL: https://lists.osdn.me/mailman/archives/groonga-commit/attachments/20171120/cf9827c7/attachment.htm
