From 693228d82e146f96f48a4e5b8347566256989a1d Mon Sep 17 00:00:00 2001 From: Kaz Kylheku Date: Thu, 26 Oct 2017 20:04:25 -0700 Subject: carray: check type object in several API functions. * ffi.c (carray_blank, carray_buf, carray_cptr, carray_pun): these functions should be using ffi_type_struct_checked, since they are public interfaces to which anything can be passed. Otherwise TXR can easily be crashed by misusing them. --- ffi.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'ffi.c') diff --git a/ffi.c b/ffi.c index 67ced1f0..3a371826 100644 --- a/ffi.c +++ b/ffi.c @@ -4785,7 +4785,7 @@ val carray_blank(val nelem, val type) { val self = lit("carray-blank"); cnum nel = c_num(nelem); - struct txr_ffi_type *tft = ffi_type_struct(type); + struct txr_ffi_type *tft = ffi_type_struct_checked(type); if (nel < 0) { uw_throwf(error_s, lit("~a: negative array size"), self, nao); @@ -4804,7 +4804,7 @@ val carray_buf(val buf, val type, val offs_in) val offs = default_arg_strict(offs_in, zero); cnum offsn = c_num(offs); cnum blen = c_num(minus(length_buf(buf), offs)); - struct txr_ffi_type *tft = ffi_type_struct(type); + struct txr_ffi_type *tft = ffi_type_struct_checked(type); cnum nelem = if3(tft->size, blen / tft->size, 0); if (offsn < 0) uw_throwf(error_s, @@ -4850,7 +4850,7 @@ val carray_cptr(val cptr, val type, val len) { mem_t *data = cptr_get(cptr); cnum nelem = c_num(default_arg(len, negone)); - (void) ffi_type_struct(type); + (void) ffi_type_struct_checked(type); return make_carray(type, data, nelem, nil, 0); } @@ -5134,7 +5134,7 @@ val carray_pun(val carray, val type) { val self = lit("carray-pun"); struct carray *scry = carray_struct_checked(carray); - struct txr_ffi_type *tft = ffi_type_struct(type); + struct txr_ffi_type *tft = ffi_type_struct_checked(type); cnum len = scry->nelem; cnum elsize = scry->eltft->size; cnum size = (ucnum) len * (ucnum) elsize; -- cgit v1.2.3