diff options
| author | Mike Pall <mike> | 2017-09-20 19:39:50 +0200 |
|---|---|---|
| committer | Mike Pall <mike> | 2017-09-20 19:39:50 +0200 |
| commit | 0c0e7b168ea147866835954267c151ef789f64fb (patch) | |
| tree | 559ca7a0bc5c996e34a750b4774250d6e2eaf6f8 | |
| parent | f3d75075ed91137699c6071abe49e2252e794a9c (diff) | |
| download | luajit-0c0e7b168ea147866835954267c151ef789f64fb.tar.gz luajit-0c0e7b168ea147866835954267c151ef789f64fb.tar.bz2 luajit-0c0e7b168ea147866835954267c151ef789f64fb.zip | |
DynASM/x86: Fix potential REL_A overflow.
Thanks to Joshua Haberman.
| -rw-r--r-- | dynasm/dasm_x86.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/dynasm/dasm_x86.h b/dynasm/dasm_x86.h index 90dc5d15..f9260b0c 100644 --- a/dynasm/dasm_x86.h +++ b/dynasm/dasm_x86.h | |||
| @@ -395,7 +395,8 @@ int dasm_encode(Dst_DECL, void *buffer) | |||
| 395 | case DASM_VREG: { int t = *p++; if (t >= 2) n<<=3; cp[-1] |= n; break; } | 395 | case DASM_VREG: { int t = *p++; if (t >= 2) n<<=3; cp[-1] |= n; break; } |
| 396 | case DASM_REL_LG: p++; if (n >= 0) goto rel_pc; | 396 | case DASM_REL_LG: p++; if (n >= 0) goto rel_pc; |
| 397 | b++; n = (int)(ptrdiff_t)D->globals[-n]; | 397 | b++; n = (int)(ptrdiff_t)D->globals[-n]; |
| 398 | case DASM_REL_A: rel_a: n -= (int)(ptrdiff_t)(cp+4); goto wd; /* !x64 */ | 398 | case DASM_REL_A: rel_a: |
| 399 | n -= (unsigned int)(ptrdiff_t)(cp+4); goto wd; /* !x64 */ | ||
| 399 | case DASM_REL_PC: rel_pc: { | 400 | case DASM_REL_PC: rel_pc: { |
| 400 | int shrink = *b++; | 401 | int shrink = *b++; |
| 401 | int *pb = DASM_POS2PTR(D, n); if (*pb < 0) { n = pb[1]; goto rel_a; } | 402 | int *pb = DASM_POS2PTR(D, n); if (*pb < 0) { n = pb[1]; goto rel_a; } |