vm: prevent overflow of fixparam field in function.

Functions can only have 127 fixed parameters; some code
ignores this when assigning to the bitfield.

* lib.h (FIXPARAM_BITS, FIXPARAM_MAX): New preprocessor
symbols.
(struct func): Use FIXPARAM_BITS for defining fixparam and
optargs bitfields instead of hard-coded 7.

* lib.c (func_vm): Sanity check the fixparam and reqags
parameters: 0 <= reqargs <= fixparam <= FIXPARAM_MAX.

1 files changed, 17 insertions, 9 deletions

diff --git a/lib.c b/lib.c
index ba129115..411bfd4a 100644
--- a/lib.c
+++ b/lib.c
@@ -6128,15 +6128,23 @@ val func_interp(val env, val form)
 
 val func_vm(val closure, val desc, int fixparam, int reqargs, int variadic)
 {
-  val obj = make_obj();
-  obj->f.type = FUN;
-  obj->f.functype = FVM;
-  obj->f.env = closure;
-  obj->f.f.vm_desc = desc;
-  obj->f.fixparam = fixparam;
-  obj->f.optargs = fixparam - reqargs;
-  obj->f.variadic = (variadic != 0);
-  return obj;
+  if (fixparam > FIXPARAM_MAX) {
+    uw_throwf(error_s, lit("closure in ~s with more than ~s fixed parameters"),
+              desc, unum(FIXPARAM_MAX), nao);
+  } else if (fixparam < 0 || reqargs < 0 || reqargs > fixparam) {
+    uw_throwf(error_s, lit("closure in ~s with bogus parameters"),
+              desc, nao);
+  } else {
+    val obj = make_obj();
+    obj->f.type = FUN;
+    obj->f.functype = FVM;
+    obj->f.env = closure;
+    obj->f.f.vm_desc = desc;
+    obj->f.fixparam = fixparam;
+    obj->f.optargs = fixparam - reqargs;
+    obj->f.variadic = (variadic != 0);
+    return obj;
+  }
 }
 
 val copy_fun(val ofun)