diff options
author | mame <mame@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-11-27 07:34:21 +0000 |
---|---|---|
committer | mame <mame@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-11-27 07:34:21 +0000 |
commit | b7561dafb95b637911ddb6b667e7a24c18cc08d0 (patch) | |
tree | e498b655233fa1d7b92c56884a018e9d0e068eb0 /compile.c | |
parent | 4beec6675716f8189be680e6bb966f4db44a7e53 (diff) |
compile.c: prevent out-of-bound initialization of coverage counters
The coverage counters is initialized with `counter[lineno - 1] = 0`,
but lineno may be 0, which led to write access for index -1.
[ruby-core:90085] [Bug#15346]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66025 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'compile.c')
-rw-r--r-- | compile.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -2027,7 +2027,9 @@ iseq_set_sequence(rb_iseq_t *iseq, LINK_ANCHOR *const anchor) if (ISEQ_LINE_COVERAGE(iseq) && (events & RUBY_EVENT_COVERAGE_LINE) && !(rb_get_coverage_mode() & COVERAGE_TARGET_ONESHOT_LINES)) { int line = iobj->insn_info.line_no; - RARRAY_ASET(ISEQ_LINE_COVERAGE(iseq), line - 1, INT2FIX(0)); + if (line >= 1) { + RARRAY_ASET(ISEQ_LINE_COVERAGE(iseq), line - 1, INT2FIX(0)); + } } if (ISEQ_BRANCH_COVERAGE(iseq) && (events & RUBY_EVENT_COVERAGE_BRANCH)) { while (RARRAY_LEN(ISEQ_PC2BRANCHINDEX(iseq)) <= code_index) { |