Fix a crash found by AFL++

This crash was caused by a value needing to be used after an assignment to a string, which never needed a value used again before because only dc did it. So this commit changes it so another string is pushed, if necessary. This commit also adds a test for it. It's not an error test; it's just a normal test added to bc's strings test. Signed-off-by: Gavin Howard <[email protected]>
2021-07-25 08:36:23 -06:00 · 2021-07-25 08:36:23 -06:00 · f46644247f
parent 66f0d07f31
commit f46644247f
3 changed files with 16 additions and 0 deletions
--- a/src/program.c
+++ b/src/program.c
@ -1300,6 +1300,17 @@ static void bc_program_assign(BcProgram *p, uchar inst) {
 			bc_program_assignStr(p, loc, v, false);
 		}

+#if BC_ENABLED
+
+		// If this is true, the value is going to be used again, so we want to
+		// push a temporary with the string.
+		if (inst == BC_INST_ASSIGN) {
+			res.t = BC_RESULT_STR;
+			res.d.loc = loc;
+			bc_vec_push(&p->results, &res);
+		}
+#endif // BC_ENABLED
+
 		// By using bc_program_assignStr(), we short-circuited this, so return.
 		return;
 	}
--- a/tests/bc/strings.txt
+++ b/tests/bc/strings.txt
@ -31,3 +31,6 @@ v(v)

 length("ouch")
 length(v)
+
+v = u = "test assign\n"
+print v, u
--- a/tests/bc/strings_results.txt
+++ b/tests/bc/strings_results.txt
@ -15,3 +15,5 @@ string
 0
 4
 6
+test assign
+test assign