From 6759ea4c9ce8a6c7d02e9ad5eef13bf4660e3aa8 Mon Sep 17 00:00:00 2001 From: Larry Frieson Date: Mon, 18 Dec 2023 12:20:50 -0800 Subject: [PATCH] Fix error handling in array__remove() in cnex --- exec/cnex/global.c | 11 +++++++++-- t/array-remove.neon | 5 +++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/exec/cnex/global.c b/exec/cnex/global.c index 35434dd48e..151cc3f9b3 100644 --- a/exec/cnex/global.c +++ b/exec/cnex/global.c @@ -633,15 +633,22 @@ void array__remove(TExecutor *exec) Number index = top(exec->stack)->number; pop(exec->stack); Cell *addr = top(exec->stack)->address; pop(exec->stack); - if (!number_is_integer(index)) { + if (!number_is_integer(index) || number_is_negative(index)) { char buf[100]; - snprintf(buf, sizeof(buf), "Array index not an integer: %s", number_to_string(index)); + snprintf(buf, sizeof(buf), "Invalid array index: %s", number_to_string(index)); exec->rtl_raise(exec, "PANIC", buf); return; } cell_ensureArray(addr); size_t i = number_to_uint64(index); + if (i >= addr->array->size) { + char buf[100]; + snprintf(buf, sizeof(buf), "Array index exceeds size %zd: %s", addr->array->size, number_to_string(index)); + exec->rtl_raise(exec, "PANIC", buf); + return; + } + cell_clearCell(&addr->array->data[i]); array_removeItem(addr->array, i); } diff --git a/t/array-remove.neon b/t/array-remove.neon index 8861972063..1d030b29e8 100644 --- a/t/array-remove.neon +++ b/t/array-remove.neon @@ -3,3 +3,8 @@ a.remove(1) TESTCASE a.size() = 2 TESTCASE a[0] = 1 TESTCASE a[1] = 3 +TESTCASE a.remove(-1) EXPECT PANIC "Invalid array index: -1" +a.remove(0) +TESTCASE a[0] = 3 +a.remove(0) +TESTCASE a.remove(0) EXPECT PANIC "Array index exceeds size 0: 0" \ No newline at end of file