diff --git a/src/runtime/c/pgf/data.h b/src/runtime/c/pgf/data.h index 7cb4507e1..88bae7a22 100644 --- a/src/runtime/c/pgf/data.h +++ b/src/runtime/c/pgf/data.h @@ -8,11 +8,6 @@ #include #include "pgf.h" -#include "db.h" -#include "text.h" -#include "vector.h" -#include "namespace.h" -#include "expr.h" class PGF_INTERNAL_DECL pgf_error : public std::runtime_error { public: @@ -59,6 +54,12 @@ private: const char *m_filepath; }; +#include "db.h" +#include "text.h" +#include "vector.h" +#include "namespace.h" +#include "expr.h" + struct PGF_INTERNAL_DECL PgfFlag { PgfLiteral value; PgfText name; diff --git a/src/runtime/c/pgf/db.cxx b/src/runtime/c/pgf/db.cxx index c9d80c61e..42cd287c6 100644 --- a/src/runtime/c/pgf/db.cxx +++ b/src/runtime/c/pgf/db.cxx @@ -958,6 +958,13 @@ void PgfDB::free_internal(object o) } } +bool PgfDB::is_valid_object(object o, size_t bytes) +{ + if (o <= sizeof(*ms) || o >= ms->top) + return false; + mchunk *chunk = mem2chunk(ptr(ms,o)); + return (chunksize(chunk) == request2size(bytes)); +} DB_scope::DB_scope(PgfDB *db, DB_scope_mode tp) { diff --git a/src/runtime/c/pgf/db.h b/src/runtime/c/pgf/db.h index dfb5f0267..6b679f1e9 100644 --- a/src/runtime/c/pgf/db.h +++ b/src/runtime/c/pgf/db.h @@ -93,6 +93,14 @@ public: current_db->set_root_internal(root.offset); } + template + static ref safe_object2ref(object o) { + if (!current_db->is_valid_object(o, sizeof(A))) + throw pgf_error("Invalid database object"); + return o; + } + + PGF_INTERNAL_DECL static void sync(); private: @@ -104,6 +112,8 @@ private: PGF_INTERNAL_DECL object get_root_internal(); PGF_INTERNAL_DECL void set_root_internal(object root_offset); + PGF_INTERNAL_DECL bool is_valid_object(object o, size_t bytes); + PGF_INTERNAL_DECL unsigned char* relocate(unsigned char* ptr); friend class DB_scope; diff --git a/src/runtime/c/pgf/pgf.cxx b/src/runtime/c/pgf/pgf.cxx index 3d168945f..37317c453 100644 --- a/src/runtime/c/pgf/pgf.cxx +++ b/src/runtime/c/pgf/pgf.cxx 
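Review bot: The five includes removed from the top of data.h and re-added after `pgf_error` make db.h's new `throw pgf_error(...)` compile only because data.h happens to be included first and in this order; as far as the db.h hunks show, db.h gains no include for the header that declares `pgf_error`. A header that throws a type should see that type's complete definition on its own, so either db.h should include the header defining `pgf_error`, or the class should move into a small header of its own that both data.h and db.h include. Failing that, a comment above the relocated block in the second data.h hunk should record why the order matters, e.g. `// Included after pgf_error: db.h's safe_object2ref throws it.` Whether other headers rely on the old order is not visible here.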
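Review bot: `is_valid_object` accepts any offset whose chunk header happens to hold the size that a `bytes`-sized request would produce, so it cannot distinguish a live object from a stale or freed offset in the same size class, nor from an offset pointing into the middle of a larger chunk whose bytes at the header position happen to match. If the allocator keeps an in-use bit in the size word, as dlmalloc-derived code does, testing it here would reject freed chunks cheaply, and an alignment check on `o` would reject most offsets that are not chunk starts before their header is read; the hunk does not show `mchunk`, so whether such a bit exists cannot be confirmed here. The range check only guarantees that `o` lies in `(sizeof(*ms), ms->top)`, so `chunksize(chunk)` may be read from arbitrary object bytes and the result should be documented as a plausibility test, e.g. `// Best-effort check: o lies inside the arena and sits on a chunk whose size matches a request of this many bytes. A freed chunk or a same-sized object of another type also passes.` The surrounding file continues outside the hunk.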
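Review bot: `safe_object2ref` dereferences `current_db` unconditionally, so a call made outside an open `DB_scope` (or after the scope that set `current_db` has ended) would fault rather than throw; the existing `set_root_internal` call in the same hunk has the same reliance, but this template is the one now reached from every public entry point with a caller-supplied offset, so `if (current_db == nullptr || !current_db->is_valid_object(o, sizeof(A)))` would turn that case into the `pgf_error` callers already handle. The check is size-only: any live object whose chunk size equals `sizeof(A)` is accepted as an `A`, so the documentation should state that rather than imply type safety, e.g. `/// Convert a caller-supplied offset to a ref after a plausibility check: rejects offsets outside the arena or on a chunk of the wrong size, but cannot detect a same-sized object of another type.` Whether `current_db` can be null while an API function runs is not visible in this hunk; the second db.h hunk only adds the matching declaration.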
@@ -160,7 +160,7 @@ PgfText *pgf_abstract_name(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 return textdup(&(*pgf->abstract.name));
 }
 PGF_API_END
@@ -174,7 +174,7 @@ void pgf_iter_categories(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 namespace_iter(pgf->abstract.cats, itor, err);
 }
 PGF_API_END
@@ -187,7 +187,7 @@ PgfType pgf_start_cat(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 PgfText *startcat = (PgfText *) alloca(sizeof(PgfText)+9);
@@ -228,7 +228,7 @@ PgfTypeHypo *pgf_category_context(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 ref abscat = namespace_lookup(pgf->abstract.cats, catname);
@@ -262,7 +262,7 @@ prob_t pgf_category_prob(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 ref abscat = namespace_lookup(pgf->abstract.cats, catname);
@@ -282,7 +282,7 @@ void pgf_iter_functions(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 pgf_exn_clear(err);
 namespace_iter(pgf->abstract.funs, itor, err);
@@ -311,7 +311,7 @@ void pgf_iter_functions_by_cat(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 PgfItorHelper helper;
 helper.fn = iter_by_cat_helper;
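Review bot: Every hunk in this file (160 through 311 here, and 329 through 488 on the following line) makes the same one-line substitution, so this applies to all of them: `safe_object2ref` only rejects offsets outside the arena or on a wrongly sized chunk, and a stale `PgfRevision` whose chunk was freed and reused for another object of the same size still passes and is then dereferenced through `pgf->abstract` on the next lines. That is a clear improvement over the unchecked `ref pgf = revision;` it replaces, but after this line the entry points trust the revision completely, so a tag or generation field in the object the revision points to, compared at this point, would be the natural next step. Any API function in this file that still assigns `revision` directly keeps the unchecked path; a search for `= revision;` outside these hunks would confirm none remains. Each enclosing function begins outside its hunk (the signatures appear only in the `@@` trailers).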
@@ -329,7 +329,7 @@ PgfType pgf_function_type(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 ref absfun = namespace_lookup(pgf->abstract.funs, funname);
@@ -349,7 +349,7 @@ int pgf_function_is_constructor(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 ref absfun = namespace_lookup(pgf->abstract.funs, funname);
@@ -369,7 +369,7 @@ prob_t pgf_function_prob(PgfDB *db, PgfRevision revision,
 {
 PGF_API_BEGIN {
 DB_scope scope(db, READER_SCOPE);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 ref absfun = namespace_lookup(pgf->abstract.funs, funname);
@@ -435,7 +435,7 @@ PgfRevision pgf_clone_revision(PgfDB *db, PgfRevision revision,
 pgf_exn_clear(err);
 try {
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 ref new_pgf = PgfDB::malloc();
 new_pgf->major_version = pgf->major_version;
@@ -488,7 +488,7 @@ void pgf_create_function(PgfDB *db, PgfRevision revision,
 try {
 PgfDBUnmarshaller u(m);
- ref pgf = revision;
+ ref pgf = PgfDB::safe_object2ref(revision);
 ref absfun = PgfDB::malloc(sizeof(PgfAbsFun)+name->size+1);
 absfun->type = m->match_type(&u, ty);
 absfun->arity = 0;
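Review bot: In `pgf_clone_revision` and `pgf_create_function` (hunks 435 and 488) the new `PgfDB::safe_object2ref(revision)` sits inside a `try {` block with no `DB_scope` visible in the two context lines above it, unlike the `PGF_API_BEGIN` hunks, so whether `current_db` already refers to `db` when the check runs cannot be seen here; if the scope is opened earlier in these functions this is fine, otherwise the check would consult whichever database was made current last. Since a thrown `pgf_error` is now how an invalid revision is reported, the `catch` paired with these `try` blocks should report it through `err` in the same way the wrapped entry points presumably do; that catch lies outside the hunk, so please confirm. Both enclosing functions start before and end after their hunks.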