call fixarg on the correct instruction

Because one call to fixarg can emit an instruction, using curi, for the second fixarg calls patched is incorrect. AFL found that bug.
author: Quentin Carbonneaux <quentin.carbonneaux@yale.edu> 2016-04-13 17:51:17 -0400
committer: Quentin Carbonneaux <quentin.carbonneaux@yale.edu> 2016-04-13 17:53:07 -0400
commit: 3bec2c6087adb791a862ddd8a1bfa25978f97b0c (patch)
tree: 8803af719386c55532f29e27403c01060f688399
parent: 6d62e5974be9676e7c3b5ed3e64827797e181ba2 (diff)
download: roux-3bec2c6087adb791a862ddd8a1bfa25978f97b0c.tar.gz
1 files changed, 8 insertions, 6 deletions
diff --git a/isel.c b/isel.c
index 2d4f5c5..31ea4ea 100644
--- a/isel.c
+++ b/isel.c
@@ -182,7 +182,7 @@ seladdr(Ref *r, ANum *an, Fn *fn)
 static void
 selcmp(Ref arg[2], int k, Fn *fn)
 {
-	Ref r;
+	Ref r, *iarg;
 
 	if (rtype(arg[0]) == RCon) {
 		r = arg[1];
@@ -191,14 +191,15 @@ selcmp(Ref arg[2], int k, Fn *fn)
 	}
 	assert(rtype(arg[0]) != RCon);
 	emit(OXCmp, k, R, arg[1], arg[0]);
-	fixarg(&curi->arg[0], k, 0, fn);
-	fixarg(&curi->arg[1], k, 0, fn);
+	iarg = curi->arg;
+	fixarg(&iarg[0], k, 0, fn);
+	fixarg(&iarg[1], k, 0, fn);
 }
 
 static void
 sel(Ins i, ANum *an, Fn *fn)
 {
-	Ref r0, r1;
+	Ref r0, r1, *iarg;
 	int x, k, kc;
 	int64_t sz;
 	Ins *i0;
@@ -293,8 +294,9 @@ sel(Ins i, ANum *an, Fn *fn)
 	case_OExt:
 Emit:
 		emiti(i);
-		fixarg(&curi->arg[0], argcls(curi, 0), 0, fn);
-		fixarg(&curi->arg[1], argcls(curi, 1), 0, fn);
+		iarg = curi->arg;
+		fixarg(&iarg[0], argcls(&i, 0), 0, fn);
+		fixarg(&iarg[1], argcls(&i, 1), 0, fn);
 		break;
 	case OAlloc:
 	case OAlloc+1:
author	Quentin Carbonneaux <quentin.carbonneaux@yale.edu>	2016-04-13 17:51:17 -0400
committer	Quentin Carbonneaux <quentin.carbonneaux@yale.edu>	2016-04-13 17:53:07 -0400
commit	3bec2c6087adb791a862ddd8a1bfa25978f97b0c (patch)
tree	8803af719386c55532f29e27403c01060f688399
parent	6d62e5974be9676e7c3b5ed3e64827797e181ba2 (diff)
download	roux-3bec2c6087adb791a862ddd8a1bfa25978f97b0c.tar.gz