diff options
| author | dec05eba <dec05eba@protonmail.com> | 2019-04-23 01:30:43 +0200 |
|---|---|---|
| committer | dec05eba <dec05eba@protonmail.com> | 2020-07-25 14:36:46 +0200 |
| commit | 328a9c8310e8bab250b04e9e001ab0d890d33074 (patch) | |
| tree | 6a9d3620a52eb7907fd2e1bdfa5364723b109412 | |
| parent | a76ba1b33e397638c4209dd77e6073e423ac07a8 (diff) | |
Fix buffer overflow in ssa_ins_call
| -rw-r--r-- | src/ssa/ssa.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/ssa/ssa.c b/src/ssa/ssa.c index 3afe7ed..e7434f8 100644 --- a/src/ssa/ssa.c +++ b/src/ssa/ssa.c @@ -218,7 +218,7 @@ int ssa_ins_push(Ssa *self, SsaRegister reg) { return_if_error(buffer_append_empty(&self->instructions, sizeof(u8) + sizeof(SsaRegister))); self->instructions.data[index + 0] = SSA_PUSH; - am_memcpy(self->instructions.data + index + 1, ®, sizeof(reg)); + am_memcpy(self->instructions.data + index + 1, ®, sizeof(SsaRegister)); amal_log_debug("PUSH r%u", reg); return 0; } @@ -231,11 +231,11 @@ int ssa_ins_call(Ssa *self, FunctionDecl *func_decl, SsaRegister *result) { if(self->reg_counter + 1 < self->reg_counter) return -1; - return_if_error(buffer_append_empty(&self->instructions, sizeof(u8) + sizeof(func_decl) + sizeof(SsaRegister))); + return_if_error(buffer_append_empty(&self->instructions, sizeof(u8) + sizeof(SsaRegister) + sizeof(func_decl))); *result = self->reg_counter++; self->instructions.data[index + 0] = SSA_CALL; am_memcpy(self->instructions.data + index + 1, result, sizeof(*result)); - am_memcpy(self->instructions.data + index + 1 + sizeof(func_decl), &func_decl, sizeof(func_decl)); + am_memcpy(self->instructions.data + index + 1 + sizeof(SsaRegister), &func_decl, sizeof(func_decl)); amal_log_debug("r%u = CALL %p", *result, func_decl); return 0; } |