aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordec05eba <dec05eba@protonmail.com>2019-04-23 01:30:43 +0200
committerdec05eba <dec05eba@protonmail.com>2020-07-25 14:36:46 +0200
commit328a9c8310e8bab250b04e9e001ab0d890d33074 (patch)
tree6a9d3620a52eb7907fd2e1bdfa5364723b109412
parenta76ba1b33e397638c4209dd77e6073e423ac07a8 (diff)
Fix buffer overflow in ssa_ins_call
-rw-r--r--src/ssa/ssa.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/ssa/ssa.c b/src/ssa/ssa.c
index 3afe7ed..e7434f8 100644
--- a/src/ssa/ssa.c
+++ b/src/ssa/ssa.c
@@ -218,7 +218,7 @@ int ssa_ins_push(Ssa *self, SsaRegister reg) {
return_if_error(buffer_append_empty(&self->instructions, sizeof(u8) + sizeof(SsaRegister)));
self->instructions.data[index + 0] = SSA_PUSH;
- am_memcpy(self->instructions.data + index + 1, &reg, sizeof(reg));
+ am_memcpy(self->instructions.data + index + 1, &reg, sizeof(SsaRegister));
amal_log_debug("PUSH r%u", reg);
return 0;
}
@@ -231,11 +231,11 @@ int ssa_ins_call(Ssa *self, FunctionDecl *func_decl, SsaRegister *result) {
if(self->reg_counter + 1 < self->reg_counter)
return -1;
- return_if_error(buffer_append_empty(&self->instructions, sizeof(u8) + sizeof(func_decl) + sizeof(SsaRegister)));
+ return_if_error(buffer_append_empty(&self->instructions, sizeof(u8) + sizeof(SsaRegister) + sizeof(func_decl)));
*result = self->reg_counter++;
self->instructions.data[index + 0] = SSA_CALL;
am_memcpy(self->instructions.data + index + 1, result, sizeof(*result));
- am_memcpy(self->instructions.data + index + 1 + sizeof(func_decl), &func_decl, sizeof(func_decl));
+ am_memcpy(self->instructions.data + index + 1 + sizeof(SsaRegister), &func_decl, sizeof(func_decl));
amal_log_debug("r%u = CALL %p", *result, func_decl);
return 0;
}