Skip to content

Commit

Permalink
check ctr sizes in do_run_io
Browse files Browse the repository at this point in the history
amazingly this bug hadn't been caught before. we were not checking the
number of arguments in `ctr` before accessing them, therefore accessing
meaningless memory regions, which could lead to infinite loops as
nothing would be reduced and the same "interaction" would be attempted
endlessly.
  • Loading branch information
enricozb committed Aug 6, 2024
1 parent 7846b50 commit 888b2a4
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 2 deletions.
7 changes: 6 additions & 1 deletion src/run.c
Original file line number Diff line number Diff line change
Expand Up @@ -752,7 +752,7 @@ void do_run_io(Net* net, Book* book, Port port) {
Ctr ctr = readback_ctr(net, book, peek(net, port));

// Checks if IO Magic Number is a CON
if (get_tag(ctr.args_buf[0]) != CON) {
if (ctr.args_len < 1 || get_tag(ctr.args_buf[0]) != CON) {
break;
}

Expand All @@ -765,6 +765,11 @@ void do_run_io(Net* net, Book* book, Port port) {

switch (ctr.tag) {
case IO_CALL: {
if (ctr.args_len != 4) {
fprintf(stderr, "invalid IO_CALL: args_len = %u\n", ctr.args_len);
break;
}

Str func = readback_str(net, book, ctr.args_buf[1]);
FFn* ffn = NULL;
// FIXME: optimize this linear search
Expand Down
7 changes: 6 additions & 1 deletion src/run.cu
Original file line number Diff line number Diff line change
Expand Up @@ -869,7 +869,7 @@ void do_run_io(GNet* gnet, Book* book, Port port) {
Ctr ctr = gnet_readback_ctr(gnet, gnet_peek(gnet, port));

// Checks if IO Magic Number is a CON
if (get_tag(ctr.args_buf[0]) != CON) {
if (ctr.args_len < 1 || get_tag(ctr.args_buf[0]) != CON) {
break;
}

Expand All @@ -882,6 +882,11 @@ void do_run_io(GNet* gnet, Book* book, Port port) {

switch (ctr.tag) {
case IO_CALL: {
if (ctr.args_len != 4) {
fprintf(stderr, "invalid IO_CALL: args_len = %u\n", ctr.args_len);
break;
}

Str func = gnet_readback_str(gnet, ctr.args_buf[1]);
FFn* ffn = NULL;
// FIXME: optimize this linear search
Expand Down

0 comments on commit 888b2a4

Please sign in to comment.