commit 3bec2c6087adb791a862ddd8a1bfa25978f97b0c
parent 6d62e5974be9676e7c3b5ed3e64827797e181ba2
Author: Quentin Carbonneaux <quentin.carbonneaux@yale.edu>
Date: Wed, 13 Apr 2016 17:51:17 -0400
call fixarg on the correct instruction
Because one call to fixarg can emit an instruction,
using curi for the second fixarg call patches the
wrong instruction. AFL found that bug.
Diffstat:
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/isel.c b/isel.c
@@ -182,7 +182,7 @@ seladdr(Ref *r, ANum *an, Fn *fn)
static void
selcmp(Ref arg[2], int k, Fn *fn)
{
- Ref r;
+ Ref r, *iarg;
if (rtype(arg[0]) == RCon) {
r = arg[1];
@@ -191,14 +191,15 @@ selcmp(Ref arg[2], int k, Fn *fn)
}
assert(rtype(arg[0]) != RCon);
emit(OXCmp, k, R, arg[1], arg[0]);
- fixarg(&curi->arg[0], k, 0, fn);
- fixarg(&curi->arg[1], k, 0, fn);
+ iarg = curi->arg;
+ fixarg(&iarg[0], k, 0, fn);
+ fixarg(&iarg[1], k, 0, fn);
}
static void
sel(Ins i, ANum *an, Fn *fn)
{
- Ref r0, r1;
+ Ref r0, r1, *iarg;
int x, k, kc;
int64_t sz;
Ins *i0;
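Review bot: The reason `iarg` is captured before the two fixarg calls lives only in the commit message, not in the code, so the next edit can reintroduce the bug by writing `curi->arg` again; a one-line comment on the capture would pin it: `iarg = curi->arg; /* fixarg may emit, which moves curi; keep the cmp's own args */`. The fix also assumes the emitted OXCmp stays at a stable address while fixarg runs — emit() is not visible here, so if it can ever reallocate or compact the instruction buffer, `iarg` would dangle after the first call; worth confirming. Since sel() needs the same capture, a small static helper that takes the instruction pointer rather than reading curi would make the invariant structural instead of a convention. selcmp begins, and sel continues, outside this hunk.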
@@ -293,8 +294,9 @@ sel(Ins i, ANum *an, Fn *fn)
case_OExt:
Emit:
emiti(i);
- fixarg(&curi->arg[0], argcls(curi, 0), 0, fn);
- fixarg(&curi->arg[1], argcls(curi, 1), 0, fn);
+ iarg = curi->arg;
+ fixarg(&iarg[0], argcls(&i, 0), 0, fn);
+ fixarg(&iarg[1], argcls(&i, 1), 0, fn);
break;
case OAlloc:
case OAlloc+1:
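Review bot: Replacing `argcls(curi, n)` with `argcls(&i, n)` is a second, distinct correction — after the first fixarg emits, curi no longer points at the instruction whose class is wanted — and it is not mentioned in the commit message, so it should be documented at the point of use: `/* classify from the local copy: curi may move once fixarg emits */`. It is also worth confirming that argcls depends only on the instruction's op and cls and not on its arg refs, because the first fixarg may have rewritten `iarg[0]` while `i.arg[0]` still holds the pre-fixarg value; if argcls inspected args, `&i` and the emitted instruction would disagree. Any other call sites in isel.c that pass `&curi->arg[...]` to fixarg (none are visible in this diff) would share the original defect and should be checked. sel() starts before and ends after this hunk.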