From: Andreas Schwab Date: Mon, 16 Nov 2015 22:47:17 +0000 (+0100) Subject: Do more checks on bytecode objects (Bug#21929) X-Git-Tag: emacs-25.0.90~769 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=d443710169d98e73869247fd80e27914f25b784e;p=emacs.git Do more checks on bytecode objects (Bug#21929) * src/eval.c (funcall_lambda): Check size of compiled function object. (Ffetch_bytecode): Likewise.
---
diff --git a/src/eval.c b/src/eval.c
index ac98ca11bd4..d460048e04b 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -2792,6 +2792,9 @@ funcall_lambda (Lisp_Object fun, ptrdiff_t nargs,
 }
 else if (COMPILEDP (fun))
 {
+ ptrdiff_t size = ASIZE (fun) & PSEUDOVECTOR_SIZE_MASK;
+ if (size <= COMPILED_STACK_DEPTH)
+ xsignal1 (Qinvalid_function, fun);
 syms_left = AREF (fun, COMPILED_ARGLIST);
 if (INTEGERP (syms_left))
 /* A byte-code object with a non-nil `push args' slot means we 
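Review bot: The new guard `if (size <= COMPILED_STACK_DEPTH)` carries no comment saying why that slot is the bound, and the same three lines are repeated in Ffetch_bytecode in the second hunk. A short why-comment would help, for example `/* Reject byte-code objects too short to hold every slot up to COMPILED_STACK_DEPTH before AREF reads them.  */`. This assumes the later, unseen part of funcall_lambda reads those slots. Since such objects can be built by hand or read from a file with too few elements, the check is a memory-safety boundary, and a small static helper called from both sites would keep the two copies from drifting apart. funcall_lambda starts and ends outside the hunk.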
@@ -2889,19 +2892,25 @@ DEFUN ("fetch-bytecode", Ffetch_bytecode, Sfetch_bytecode,
 {
 Lisp_Object tem;
 
- if (COMPILEDP (object) && CONSP (AREF (object, COMPILED_BYTECODE)))
+ if (COMPILEDP (object))
 {
- tem = read_doc_string (AREF (object, COMPILED_BYTECODE));
- if (!CONSP (tem))
+ ptrdiff_t size = ASIZE (object) & PSEUDOVECTOR_SIZE_MASK;
+ if (size <= COMPILED_STACK_DEPTH)
+ xsignal1 (Qinvalid_function, object);
+ if (CONSP (AREF (object, COMPILED_BYTECODE)))
 {
- tem = AREF (object, COMPILED_BYTECODE);
- if (CONSP (tem) && STRINGP (XCAR (tem)))
- error ("Invalid byte code in %s", SDATA (XCAR (tem)));
- else
- error ("Invalid byte code");
+ tem = read_doc_string (AREF (object, COMPILED_BYTECODE));
+ if (!CONSP (tem))
+ {
+ tem = AREF (object, COMPILED_BYTECODE);
+ if (CONSP (tem) && STRINGP (XCAR (tem)))
+ error ("Invalid byte code in %s", SDATA (XCAR (tem)));
+ else
+ error ("Invalid byte code");
+ }
+ ASET (object, COMPILED_BYTECODE, XCAR (tem));
+ ASET (object, COMPILED_CONSTANTS, XCDR (tem));
 }
- ASET (object, COMPILED_BYTECODE, XCAR (tem));
- ASET (object, COMPILED_CONSTANTS, XCDR (tem));
 }
 return object;
 }
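Review bot: In the rebuilt inner block the result of read_doc_string is accepted as soon as `CONSP (tem)` holds, so the two ASET calls store its car and cdr into COMPILED_BYTECODE and COMPILED_CONSTANTS without checking their types. That value appears to be read back from a file, so the test could validate its shape too: `if (! (CONSP (tem) && STRINGP (XCAR (tem)) && VECTORP (XCDR (tem))))`. A malformed file would then reach the existing "Invalid byte code" branch instead of leaving the type check to whatever later consumes the slots. The DEFUN header and docstring of Ffetch_bytecode are outside the hunk; if the docstring does not yet say so, it should mention that a too-short object now signals `invalid-function`.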