
Commit 607ef20

committed
Merge pull request livecode#1775 from runrevmark/bugfix-lcb_incorrect_register_count
[[ LCB Machine ]] Fix bug in validation code for 'return' which caused i...
2 parents 51ab999 + 94ef7d3 commit 607ef20


1 file changed

+45
-8
lines changed


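--- a/libscript/src/script-module.cpp
+++ b/libscript/src/script-module.cpp
@@ -261,48 +261,85 @@ bool MCScriptValidateModule(MCScriptModuleRef self)
 switch(t_operation)
 {
 case kMCScriptBytecodeOpJump:
-// check arity == 1
+// jump <offset>
+if (t_arity != 1)
+return false;
+
 // check resolved address is within handler
 break;
 case kMCScriptBytecodeOpJumpIfFalse:
 case kMCScriptBytecodeOpJumpIfTrue:
-// check arity == 2
+// jumpiftrue <register>, <offset>
+// jumpiffalse <register>, <offset>
+if (t_arity != 2)
+return false;
+
 // check resolved address is within handler
 t_temporary_count = MCMax(t_temporary_count, t_operands[0] + 1);
 break;
 case kMCScriptBytecodeOpAssignConstant:
-// check arity == 2
+// assignconst <dst>, <index>
+if (t_arity != 2)
+return false;
+
 // check index argument is within value pool range
 t_temporary_count = MCMax(t_temporary_count, t_operands[0] + 1);
 break;
 case kMCScriptBytecodeOpAssign:
-// check arity == 2
+// assign <dst>, <src>
+if (t_arity != 2)
+return false;
+
 t_temporary_count = MCMax(t_temporary_count, t_operands[0] + 1);
 t_temporary_count = MCMax(t_temporary_count, t_operands[1] + 1);
 break;
 case kMCScriptBytecodeOpReturn:
-// check arity == 1
-t_temporary_count = MCMax(t_temporary_count, t_operands[0] + 1);
+// return
+// return <value>
+if (t_arity != 0 && t_arity != 1)
+return false;
+
+if (t_arity == 1)
+t_temporary_count = MCMax(t_temporary_count, t_operands[0] + 1);
 break;
 case kMCScriptBytecodeOpInvoke:
+// invoke <index>, <result>, [ <arg_1>, ..., <arg_n> ]
+if (t_arity < 2)
+return false;
+
 // check index operand is within definition range
 // check definition[index] is handler or definition group
 // check signature of defintion[index] conforms with invoke arity
 for(uindex_t i = 1; i < t_arity; i++)
 t_temporary_count = MCMax(t_temporary_count, t_operands[i] + 1);
 break;
-case kMCScriptBytecodeOpAssignList:
 case kMCScriptBytecodeOpInvokeIndirect:
+// invoke *<src>, <result>, [ <arg_1>, ..., <arg_n> ]
+if (t_arity < 2)
+return false;
+
 for(uindex_t i = 0; i < t_arity; i++)
 t_temporary_count = MCMax(t_temporary_count, t_operands[i] + 1);
 break;
 case kMCScriptBytecodeOpFetch:
 case kMCScriptBytecodeOpStore:
-// check arity is 2
+// fetch <dst>, <index>
+// store <src>, <index>
+if (t_arity != 2)
+return false;
+
 // check definition[index] is variable or handler
 // check level is appropriate.
 t_temporary_count = MCMax(t_temporary_count, t_operands[0] + 1);
 break;
+case kMCScriptBytecodeOpAssignList:
+// assignlist <dst>, [ <elem_1>, ..., <elem_n> ]
+if (t_arity < 1)
+return false;
+
+for(uindex_t i = 0; i < t_arity; i++)
+t_temporary_count = MCMax(t_temporary_count, t_operands[i] + 1);
+break;
 }
 }
 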
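Review bot: The range checks in this switch are still only comments: `// check resolved address is within handler` under the jump cases, `// check index argument is within value pool range` under assignconst, and the `// check ...` lines under invoke and fetch/store. A module whose bytecode carries an out-of-range offset or index therefore still passes MCScriptValidateModule, unless something outside this hunk rejects it. Each of those cases should compare the operand with its bound and `return false;`, the same way the new `if (t_arity != 2)` checks do. Separately, `t_operands[i] + 1` wraps to 0 when an operand is the maximum value of its (presumably unsigned) type, which would under-count the registers; rejecting that value before the `MCMax` call would close it. The function starts above the hunk, so operand decoding and any earlier opcode check are not visible here.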
