authorcinap_lenrek <cinap_lenrek@felloff.net>2018-07-27 09:31:28 +0200
committercinap_lenrek <cinap_lenrek@felloff.net>2018-07-27 09:31:28 +0200
commitda5c0bada7be9dd82ca1f63e621670143597d3bb (patch)
tree6ac3f33deb497df5139dea50921a186e7e8d96ed /sys/src/cmd/dc.c
parent6cd83e5d246753f2b8691dded4697f858a9cd513 (diff)
dc: fix off by one in stack overflow check (thanks BurnZeZ)
BurnZeZ → Found a bug in dc(1) BurnZeZ → Everything breaks when you fill the stack BurnZeZ → You have stkptr which crap expects to point to an available member in Blk *stack[STKSZ]; BurnZeZ → stkend = &stack[STKSZ]; BurnZeZ → stkptr is allowed to equal stkend BurnZeZ → So crap that expects stkptr to be pointing to an available Blk ends up dereferencing past the end of the array BurnZeZ → term% echo `{seq 1 100} f | dc BurnZeZ → dc 628283: suicide: sys: trap: fault read addr=0xffffe0000040a618 pc=0x204b1c
Diffstat (limited to 'sys/src/cmd/dc.c')
-rw-r--r--sys/src/cmd/dc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/src/cmd/dc.c b/sys/src/cmd/dc.c
index c121b13d8..abc7060fd 100644
--- a/sys/src/cmd/dc.c
+++ b/sys/src/cmd/dc.c
@@ -1218,7 +1218,7 @@ init(int argc, char *argv[])
strptr = salloc(0);
divxyz = salloc(0);
stkbeg = stkptr = &stack[0];
- stkend = &stack[STKSZ];
+ stkend = &stack[STKSZ-1];
stkerr = 0;
readptr = &readstk[0];
k=0;
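Review bot: After this change `stkend` in init() no longer follows the usual one-past-the-end convention; it names the last usable slot of `stack[STKSZ]`, and nothing at the assignment says so. A comment on the `stkend = &stack[STKSZ-1];` line, such as `/* stkend is the last valid slot (inclusive), not one past the end */`, would keep a later cleanup from reintroducing the out-of-bounds dereference described in the commit message. The push and overflow checks that compare `stkptr` with `stkend` lie outside the hunk, so confirm that none of them can still step past `stack[STKSZ-1]`. `readptr`/`readstk` on the next line may deserve the same audit, though its bound is not visible here. init()'s body begins and ends outside the hunk.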