From 5923956045015076d85c42ecab99bc0d27861eba Mon Sep 17 00:00:00 2001 From: ThorstenB Date: Mon, 9 Jan 2012 20:21:28 +0100 Subject: [PATCH] #587: don't crash on negative sizes --- simgear/nasal/code.c | 4 ++-- simgear/nasal/iolib.c | 2 +- simgear/nasal/lib.c | 6 +++--- simgear/nasal/nasal.h | 2 +- simgear/nasal/vector.c | 23 ++++++++++++++--------- 5 files changed, 21 insertions(+), 16 deletions(-) diff --git a/simgear/nasal/code.c b/simgear/nasal/code.c index e58f7ecb..782509da 100644 --- a/simgear/nasal/code.c +++ b/simgear/nasal/code.c @@ -269,7 +269,7 @@ static void setupArgs(naContext ctx, struct Frame* f, naRef* args, int nargs) args += c->nOptArgs; if(c->needArgVector || nargs > 0) { naRef argv = naNewVector(ctx); - naVec_setsize(argv, nargs > 0 ? nargs : 0); + naVec_setsize(ctx, argv, nargs > 0 ? nargs : 0); for(i=0; irec->array[i] = *args++; naiHash_newsym(PTR(f->locals).hash, &c->constants[c->restArgSym], &argv); @@ -349,7 +349,7 @@ static naRef evalCat(naContext ctx, naRef l, naRef r) if(IS_VEC(l) && IS_VEC(r)) { int i, ls = naVec_size(l), rs = naVec_size(r); naRef v = naNewVector(ctx); - naVec_setsize(v, ls + rs); + naVec_setsize(ctx, v, ls + rs); for(i=0; i naVec_size(v) - start) len = naVec_size(v) - start; result = naNewVector(c); - naVec_setsize(result, len); + naVec_setsize(c, result, len); for(i=0; irec->array[i] = sd.elems[sd.recs[i].i]; naFree(sd.recs); diff --git a/simgear/nasal/nasal.h b/simgear/nasal/nasal.h index a7741b49..6857013a 100644 --- a/simgear/nasal/nasal.h +++ b/simgear/nasal/nasal.h @@ -166,7 +166,7 @@ naRef naVec_get(naRef v, int i); void naVec_set(naRef vec, int i, naRef o); int naVec_append(naRef vec, naRef o); naRef naVec_removelast(naRef vec); -void naVec_setsize(naRef vec, int sz); +void naVec_setsize(naContext c, naRef vec, int sz); // Hash utilities: int naHash_size(naRef h); diff --git a/simgear/nasal/vector.c b/simgear/nasal/vector.c index df20c138..1a7546ae 100644 --- a/simgear/nasal/vector.c 
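Review bot: In evalCat the size passed as `ls + rs` is a signed int addition, so two very large vectors overflow (undefined behaviour) before naVec_setsize can inspect the value. At best the wrapped result is reported as "size cannot be negative", which is misleading for a concatenation. A check ahead of the call, `if(rs > INT_MAX - ls) naRuntimeError(ctx, "vector too large");`, would make the failure explicit (INT_MAX needs `<limits.h>`). Only part of evalCat is inside the hunk, and the text following this line is damaged on the page, so the copy loops are not reviewed here.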
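Review bot: The changed prototype `void naVec_setsize(naContext c, naRef vec, int sz);` in nasal.h has no comment explaining the new context argument or that the call can now fail. I would add above it `// Resizes vec to sz elements; raises a runtime error on context c when sz is negative.`, which matches the check added in vector.c. If this header is consumed outside simgear (not visible from here), callers of the old two-argument form will stop compiling, so the signature change deserves a mention in the commit message.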
+++ b/simgear/nasal/vector.c @@ -69,16 +69,21 @@ int naVec_append(naRef vec, naRef o) return 0; } -void naVec_setsize(naRef vec, int sz) +void naVec_setsize(naContext c, naRef vec, int sz) { - int i; - struct VecRec* v = PTR(vec).vec->rec; - struct VecRec* nv = naAlloc(sizeof(struct VecRec) + sizeof(naRef) * sz); - nv->size = sz; - nv->alloced = sz; - for(i=0; iarray[i] = (v && i < v->size) ? v->array[i] : naNil(); - naGC_swapfree((void*)&(PTR(vec).vec->rec), nv); + if (sz < 0) + naRuntimeError(c, "size cannot be negative"); + else + { + int i; + struct VecRec* v = PTR(vec).vec->rec; + struct VecRec* nv = naAlloc(sizeof(struct VecRec) + sizeof(naRef) * sz); + nv->size = sz; + nv->alloced = sz; + for(i=0; iarray[i] = (v && i < v->size) ? v->array[i] : naNil(); + naGC_swapfree((void*)&(PTR(vec).vec->rec), nv); + } } naRef naVec_removelast(naRef vec)
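Review bot: The new `sz < 0` guard in naVec_setsize leaves the upper end of the range unchecked. `sizeof(struct VecRec) + sizeof(naRef) * sz` is computed in size_t and can wrap for a large positive sz (most easily on a 32-bit build), after which the fill loop would write past an undersized allocation. Bounding it in the same test closes that gap, e.g. `if (sz < 0 || (size_t)sz > (SIZE_MAX - sizeof(struct VecRec)) / sizeof(naRef))`, with a message that covers both cases (SIZE_MAX needs `<stdint.h>`). The else-branch also dereferences `nv` without a NULL test, so it depends on naAlloc never returning NULL, which is not visible here. Presumably naRuntimeError does not return; a one-line comment saying so would explain why callers may index the vector straight after the call.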