authorKaz Kylheku <kaz@kylheku.com>2016-08-24 07:00:21 -0700
committerKaz Kylheku <kaz@kylheku.com>2016-08-24 07:00:21 -0700
commitc6fce0478a206a84f678e63ec242047f02ba8547 (patch)
tree85752bece4a69d0c28df4ea6681257af6ad64193 /eval.c
parent3005bda72a3eb14fc94225c3fd399cec98443a1c (diff)
Put cap on @<digits> value in op/do syntax.
The op transformer generates a lambda which has as many arguments as the highest-valued metanumber (@<digits> syntax) occurring in the form. If this is a huge integer, it obligingly tries to construct the argument list, running out of memory. In this commit, we cap the value to 1024. This issue was uncovered by the fuzzing utility AFL (fast) 2.30b. * eval.c (me_op): Throw error if max exceeds 1024, preventing the call to supplement_op_syms from actually generating a formal parameter list of max symbols.
Diffstat (limited to 'eval.c')
-rw-r--r--eval.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/eval.c b/eval.c
index 07d8c5cd..493992e0 100644
--- a/eval.c
+++ b/eval.c
@@ -2932,6 +2932,10 @@ static val me_op(val form, val menv)
val is_op = and3(sym == do_s, consp(body_trans),
gethash(op_table, car(body_trans)));
+ if (c_num(max) > 1024)
+ eval_error(form, lit("~a: @~a calls for function with too many arguments"),
+ sym, max, nao);
+
if (!eql(max, length(nums)) && !zerop(min))
ssyms = supplement_op_syms(ssyms, max);
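Review bot: The new guard `if (c_num(max) > 1024)` converts `max` to a C integer before comparing, so a metanumber too large for that conversion presumably fails inside `c_num` with a generic range error instead of reaching this diagnostic. The allocation is still avoided, but the user-facing message is lost for exactly the inputs the fuzzer found. Comparing in the Lisp number domain, e.g. `if (gt(max, num_fast(1024)))`, would keep the intended error for every magnitude. The limit is also a bare literal; a named constant with a comment such as `/* cap on @<digits> in op/do: bounds the generated lambda's parameter list against memory exhaustion from hostile input */` would record why it exists. `me_op` starts and ends outside this hunk, so how `max` is derived is not visible here.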