From 0a521c2314580f8a1670aa36af29c1bb08b9c9f6 Mon Sep 17 00:00:00 2001
From: Yuichi Nishiwaki
Date: Fri, 22 Nov 2013 06:35:51 -0800
Subject: [PATCH] add overflow guards to some global stacks (or value pools)
---
 src/codegen.c | 6 ++++++
 src/expand.c | 3 +++
 2 files changed, 9 insertions(+)
diff --git a/src/codegen.c b/src/codegen.c
index 4defaa34..6aac14b5 100644
--- a/src/codegen.c
+++ b/src/codegen.c
@@ -407,6 +407,9 @@ codegen(codegen_state *state, pic_value obj, bool tailpos)
 }
 pidx = pic->plen++;
+ if (pidx >= pic->pcapa) {
+ pic_abort(pic, "constant pool overflow");
+ }
 pic->pool[pidx] = pic_car(pic, pic_cdr(pic, obj));
 irep->code[irep->clen].insn = OP_PUSHCONST;
 irep->code[irep->clen].u.i = pidx;
@@ -640,6 +643,9 @@ codegen(codegen_state *state, pic_value obj, bool tailpos)
 case PIC_TT_BLOB: {
 int pidx;
 pidx = pic->plen++;
+ if (pidx >= pic->pcapa) {
+ pic_abort(pic, "constant pool overflow");
+ }
 pic->pool[pidx] = obj;
 irep->code[irep->clen].insn = OP_PUSHCONST;
 irep->code[irep->clen].u.i = pidx;
diff --git a/src/expand.c b/src/expand.c
index 7b32ef4f..a8752c47 100644
--- a/src/expand.c
+++ b/src/expand.c
@@ -20,6 +20,9 @@ define_macro(pic_state *pic, const char *name, struct pic_proc *macro)
 int idx;
 idx = pic->mlen++;
+ if (idx >= pic->mcapa) {
+ pic_abort(pic, "macro table overflow");
+ }
 pic->macros[idx] = macro;
 xh_put(pic->global_tbl, name, ~idx);
 }
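Review bot: The bounds check in the first codegen hunk runs after `pidx = pic->plen++;`, so when the pool is full `pic->plen` has already been advanced past `pic->pcapa` by the time `pic_abort` is called. pic_abort is not defined in this patch; if it can return, the store to `pic->pool[pidx]` still writes one slot past the pool, and if it unwinds to a handler that keeps the state alive, the counter stays out of range for later users. Testing before the increment avoids both: `if (pic->plen >= pic->pcapa) pic_abort(pic, "constant pool overflow");` followed by `pidx = pic->plen++;`. The same ordering appears in the PIC_TT_BLOB hunk and in define_macro in src/expand.c (`pic->mlen` against `pic->mcapa`). codegen's body starts and ends outside both codegen hunks, so how callers recover from the abort is not visible here.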