From 359f49c777d0ca3fac7c7dabd80efbdf749e493c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Gustavsson?= <bjorn@erlang.org>
Date: Tue, 25 Jun 2024 17:15:07 +0200
Subject: [PATCH 2/3] Handle obsolete instructions with more than 6 operands
Attempting to load an obsolete instruction with more than 6 operands
could crash the runtime system.
---
erts/emulator/beam/beam_load.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/erts/emulator/beam/beam_load.c b/erts/emulator/beam/beam_load.c
index af2747a77e..289b5c5aab 100644
--- a/erts/emulator/beam/beam_load.c
+++ b/erts/emulator/beam/beam_load.c
@@ -492,16 +492,28 @@ static int load_code(LoaderState* stp)
* Use bit masks to quickly find the most specific of the
* the possible specific instructions associated with this
* specific instruction.
+ *
+ * Note that currently only instructions having no more
+ * than 6 operands are supported.
*/
int specific, arity, arg, i;
Uint32 mask[3] = {0, 0, 0};
- arity = gen_opc[tmp_op->op].arity;
+ if (num_specific != 0) {
+ /* The `bs_append` instruction made obsolete in
+ * Erlang/OTP 28 has 8 operands. Therefore, the if
+ * statement preventing the loop that follows to be
+ * entered is necessary to prevent writing beyond the
+ * last entry of the mask array. */
+ arity = gen_opc[tmp_op->op].arity;
- for (arg = 0; arg < arity; arg++) {
- int type = tmp_op->a[arg].type;
+ ASSERT(2 * (sizeof(mask) / sizeof(mask[0])) >= arity);
- mask[arg / 2] |= (1u << type) << ((arg % 2) << 4);
+ for (arg = 0; arg < arity; arg++) {
+ int type = tmp_op->a[arg].type;
+
+ mask[arg / 2] |= (1u << type) << ((arg % 2) << 4);
+ }
}
specific = gen_opc[tmp_op->op].specific;
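Review bot: The `ASSERT(2 * (sizeof(mask) / sizeof(mask[0])) >= arity);` line is the only bound on the loop that writes `mask[arg / 2]`, and it compiles out in a release build, so the fix rests entirely on the invariant that every opcode with `num_specific != 0` has at most 6 operands; the commit message says only the obsolete `bs_append` violates it today. A hard check that fails the load when `arity` exceeds `2 * (sizeof(mask) / sizeof(mask[0]))`, kept alongside the ASSERT, would fail closed if the generated `gen_opc` table ever changes, instead of silently writing past `mask`. Also, `arity` is now assigned only inside the `if (num_specific != 0)` branch, so if load_code reads it further down on the `num_specific == 0` path it is uninitialized; `int specific, arity = 0, arg, i;` at the declaration would make that path safe either way. load_code's body continues outside the hunk, so whether `arity` is read later cannot be seen here. The added comment reads more naturally as "the if statement that prevents the following loop from being entered is necessary to avoid writing beyond the last entry of the mask array".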
--
2.35.3