Prevent buffer overflow in type array allocation

jserv · jserv · commit 6071a42e686a · 2025-08-07T12:23:09.000+08:00
This commit adds bounds checking to add_type and increase MAX_TYPES to
128, fixing memory corruption during stage-1 compilation when typedef
count exceeds limit.
diff --git a/src/defs.h b/src/defs.h
@@ -19,7 +19,7 @@
 #define MAX_PARAMS 8
 #define MAX_LOCALS 1600
 #define MAX_FIELDS 64
-#define MAX_TYPES 64
+#define MAX_TYPES 128
 #define MAX_IR_INSTR 60000
 #define MAX_BB_PRED 128
 #define MAX_BB_DOM_SUCC 64
diff --git a/src/globals.c b/src/globals.c
@@ -721,6 +721,10 @@ int find_macro_param_src_idx(char *name, block_t *parent)
 
 type_t *add_type(void)
 {
+    if (types_idx >= MAX_TYPES) {
+        printf("Error: Maximum number of types (%d) exceeded\n", MAX_TYPES);
+        abort();
+    }
     return &TYPES[types_idx++];
 }
 

Original file line number	Diff line number	Diff line change
`@@ -721,6 +721,10 @@ int find_macro_param_src_idx(char name, block_t parent)`
`721`	`721`
`722`	`722`	`type_t *add_type(void)`
`723`	`723`	`{`
	`724`	`+ if (types_idx >= MAX_TYPES) {`
	`725`	`+ printf("Error: Maximum number of types (%d) exceeded\n", MAX_TYPES);`
	`726`	`+ abort();`
	`727`	`+ }`
`724`	`728`	`return &TYPES[types_idx++];`
`725`	`729`	`}`
`726`	`730`