From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 16 Feb 2017 15:52:57 +0000 (-0800)
Subject: Add sanity checks for Bswitch hash tables
X-Git-Tag: emacs-26.0.90~814
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=8929746489bb257d1e29c3bab629b3b67e3117d2;p=emacs.git

Add sanity checks for Bswitch hash tables

* src/bytecode.c (exec_byte_code) [BYTE_CODE_SAFE]:
Check that operand is a hash table and hashes to ints.
---

diff --git a/src/bytecode.c b/src/bytecode.c
index af94d03b17d..4414b077bb9 100644
--- a/src/bytecode.c
+++ b/src/bytecode.c
@@ -1415,13 +1415,15 @@ exec_byte_code (Lisp_Object bytestr, Lisp_Object vector, Lisp_Object maxdepth,
 
         CASE (Bswitch):
           {
-            /*TODO: Perhaps introduce another byte-code for switch when the
-              number of cases is less, which uses a simple vector for linear
-              search as the jump table.  */
+            /* TODO: Perhaps introduce another byte-code for switch when the
+	       number of cases is less, which uses a simple vector for linear
+	       search as the jump table.  */
             Lisp_Object jmp_table = POP;
+	    if (BYTE_CODE_SAFE && !HASH_TABLE_P (jmp_table))
+	      emacs_abort ();
             Lisp_Object v1 = POP;
             ptrdiff_t i;
-            struct Lisp_Hash_Table *h = XHASH_TABLE(jmp_table);
+            struct Lisp_Hash_Table *h = XHASH_TABLE (jmp_table);
 
             /* h->count is a faster approximation for HASH_TABLE_SIZE (h)
                here. */
@@ -1429,9 +1431,9 @@ exec_byte_code (Lisp_Object bytestr, Lisp_Object vector, Lisp_Object maxdepth,
               { /* Do a linear search if there are not many cases
                    FIXME: 5 is arbitrarily chosen.  */
                 Lisp_Object hash_code = h->test.cmpfn
-                  ? make_number(h->test.hashfn (&h->test, v1)) : Qnil;
+                  ? make_number (h->test.hashfn (&h->test, v1)) : Qnil;
 
-                for (i = h->count; 0 <= --i;)
+                for (i = h->count; 0 <= --i; )
                   if (EQ (v1, HASH_KEY (h, i))
                       || (h->test.cmpfn
                           && EQ (hash_code, HASH_HASH (h, i))
@@ -1440,13 +1442,16 @@ exec_byte_code (Lisp_Object bytestr, Lisp_Object vector, Lisp_Object maxdepth,
 
               }
             else
-              i = hash_lookup(h, v1, NULL);
+              i = hash_lookup (h, v1, NULL);
 
-          if (i >= 0)
-            {
-              op = XINT (HASH_VALUE (h, i));
-              goto op_branch;
-            }
+	    if (i >= 0)
+	      {
+		Lisp_Object val = HASH_VALUE (h, i);
+		if (BYTE_CODE_SAFE && !INTEGERP (val))
+		  emacs_abort ();
+		op = XINT (val);
+		goto op_branch;
+	      }
           }
           NEXT;