[Monetdb-checkins] MonetDB5/src/mal mal_function.mx,,1.148,1.149

Wed, 02 Jan 2008 11:54:28 -0800 

Update of /cvsroot/monetdb/MonetDB5/src/mal
In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv30965

Modified Files:
        mal_function.mx 
Log Message:
Solve a memory overwrite due to wrong setting of lifespan bounds for
arguments.


Index: mal_function.mx
===================================================================
RCS file: /cvsroot/monetdb/MonetDB5/src/mal/mal_function.mx,v
retrieving revision 1.148
retrieving revision 1.149
diff -u -d -r1.148 -r1.149
--- mal_function.mx     2 Jan 2008 08:18:51 -0000       1.148
+++ mal_function.mx     2 Jan 2008 19:54:22 -0000       1.149
@@ -85,7 +85,7 @@
 mal_export int getBlockExit(MalBlkPtr mb,int pc);
 mal_export int getBlockBegin(MalBlkPtr mb,int pc);
 
-#define newLifespan(M) (Lifespan)GDKmalloc(sizeof(LifespanRecord)*(M)->vtop)
+#define newLifespan(M) (Lifespan)GDKmalloc(sizeof(LifespanRecord)*(M)->vsize)
 mal_export void setLifespan(MalBlkPtr mb, Lifespan span);
 mal_export void debugLifespan(MalBlkPtr mb, Lifespan span);
 
@@ -691,10 +691,17 @@
 {
        int pc, k, depth=0, scopes[256];
        InstrPtr p;
-       int top=0, *decl= (int*)alloca(sizeof(int)*mb->vtop);
+       int top=0, *decl;
 
+       decl= (int *) GDKzalloc(sizeof(int)*mb->vsize);
+       assert(decl!= NULL);
        memset((char*) span,0, sizeof(LifespanRecord)* mb->vtop);
-       for (pc = 0; pc < mb->stop; pc++) {
+       p = getInstrPtr(mb, 0);
+       for(k= 0; k<p->argc; k++){
+               span[getArg(p,k)].beginLifespan= 1;
+               span[getArg(p,k)].endLifespan= mb->stop-1;
+       }
+       for (pc = 1; pc < mb->stop; pc++) {
                p = getInstrPtr(mb, pc);
                if( p->token == NOOPsymbol)
                        continue;
@@ -722,6 +729,7 @@
                                span[decl[top]].endLifespan= pc;
                        if( depth== 0) {
                                mb->errors++;
+                               GDKfree(decl);
                                GDKerror("too many unnest operations.");
                                return;
                        }
@@ -730,12 +738,14 @@
                if( blockStart(p)){
                        if( depth== 255) {
                                mb->errors++;
+                               GDKfree(decl);
                                GDKerror("too deeply nested scope");
                                return;
                        }
                        scopes[++depth]= top;
                }
        }
+       GDKfree(decl);
        /* debugLifespan(mb); */
 }
 


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Monetdb-checkins mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/monetdb-checkins

Reply via email to