summary refs log tree commit diff
path: root/parse.c
diff options
context:
space:
mode:
authorQuentin Carbonneaux <quentin.carbonneaux@yale.edu>2016-04-22 14:24:34 -0400
committerQuentin Carbonneaux <quentin.carbonneaux@yale.edu>2016-04-22 14:27:15 -0400
commitd2046e2cd0d57b425ca5da0266c9d7fcbb760417 (patch)
tree90e8b1dfebfe9bcab1e74febc85eb84991223a81 /parse.c
parent1c96401f0cf3f7b77488e306705c2ea946149b36 (diff)
downloadroux-d2046e2cd0d57b425ca5da0266c9d7fcbb760417.tar.gz
make sure type sizes never overflow
Diffstat (limited to 'parse.c')
-rw-r--r--parse.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/parse.c b/parse.c
index a06d5b9..272db45 100644
--- a/parse.c
+++ b/parse.c
@@ -818,7 +818,7 @@ parsetyp()
 		t = nextnl();
 	} else {
 		ty->dark = 0;
-		n = -1;
+		n = 0;
 		sz = 0;
 		al = 0;
 		while (t != Trbrace) {
@@ -836,10 +836,11 @@ parsetyp()
 				al = a;
 			if ((a = sz & (s-1))) {
 				a = s - a;
-				if (++n < NSeg) {
+				if (n < NSeg) {
 					/* padding segment */
 					ty->seg[n].ispad = 1;
 					ty->seg[n].len = a;
+					n++;
 				}
 			}
 			t = nextnl();
@@ -848,19 +849,19 @@ parsetyp()
 				t = nextnl();
 			} else
 				c = 1;
-			while (c-- > 0) {
-				if (++n < NSeg) {
+			while (c-- > 0)
+				if (n < NSeg) {
 					ty->seg[n].isflt = flt;
 					ty->seg[n].ispad = 0;
 					ty->seg[n].len = s;
+					sz += a + s;
+					n++;
 				}
-				sz += a + s;
-			}
 			if (t != Tcomma)
 				break;
 			t = nextnl();
 		}
-		if (++n >= NSeg)
+		if (n >= NSeg)
 			ty->dark = 1;
 		else
 			ty->seg[n].len = 0;