Fix crash with invalid bytecode vectors

* src/lread.c (read_vector): If the vector is to short to be for
bytecodes don’t do bytecode processing for it, as the processing
might run past the end of the vector.

diff --git a/src/lread.c b/src/lread.c
index 53b4e1be2dfc7dcec4048da3eab2c7d022c12e5b..29deddaf15fa807af4ff089a9eb9003012b62489 100644 (file)
--- a/src/lread.c
+++ b/src/lread.c
@@ -3844,6 +3844,10 @@ read_vector (Lisp_Object readcharfun, bool bytecodeflag)
   ptrdiff_t size = list_length (tem);
   Lisp_Object vector = make_nil_vector (size);
 
+  /* Avoid accessing past the end of a vector if the vector is too
+     small to be valid for bytecode.  */
+  bytecodeflag &= COMPILED_STACK_DEPTH < size;
+
   Lisp_Object *ptr = XVECTOR (vector)->contents;
   for (ptrdiff_t i = 0; i < size; i++)
     {