diff options
author | H. Peter Anvin <hpa@zytor.com> | 2008-09-01 10:56:33 -0700 |
---|---|---|
committer | H. Peter Anvin <hpa@zytor.com> | 2008-09-01 10:56:33 -0700 |
commit | 91fb6f16264ba3b2cde01b0dc35e672e024d4d28 (patch) | |
tree | 5d2bb28b7faa3e8865f8ad48116dece1652f21d4 | |
parent | 5c10c17ba08731677ce8f4a9a3f8005fb60fe987 (diff) | |
download | nasm-91fb6f16264ba3b2cde01b0dc35e672e024d4d28.tar.gz |
BR 2048950: fix crash due to mmacro list overflow
When allocating the buffer for an mmacro list, we apparently failed to
guarantee space for the terminating NULL. This almost certainly
caused the crash described in BR 2048950, and quite possibly BR
1284169.
-rw-r--r-- | preproc.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -1434,7 +1434,8 @@ static void count_mmac_params(Token * t, int *nparam, Token *** params) *nparam = paramsize = 0; *params = NULL; while (t) { - if (*nparam >= paramsize) { + /* +1: we need space for the final NULL */ + if (*nparam+1 >= paramsize) { paramsize += PARAM_DELTA; *params = nasm_realloc(*params, sizeof(**params) * paramsize); } |