From 03495efec37b331652701e64dc72f985e6e9f7c2 Mon Sep 17 00:00:00 2001
From: JF Bastien <jfb@chromium.org>
Date: Wed, 3 Feb 2016 09:50:46 -0800
Subject: Fix out-of-bounds read

Found by asan
---
 src/wasm-s-parser.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/wasm-s-parser.h b/src/wasm-s-parser.h
index ce216fd8e..c6cf1b32d 100644
--- a/src/wasm-s-parser.h
+++ b/src/wasm-s-parser.h
@@ -423,7 +423,10 @@ public:
     if (dot) {
       // type.operation (e.g. i32.add)
       WasmType type = stringToWasmType(str, false, true);
-      const char *op = dot + 1;
+      // Local copy to index into op without bounds checking.
+      constexpr size_t maxNameSize = 15;
+      char op[maxNameSize + 1] = { '\0' };
+      strncpy(op, dot + 1, maxNameSize);
       switch (op[0]) {
         case 'a': {
           if (op[1] == 'b') return makeUnary(s, UnaryOp::Abs, type);
-- 
cgit v1.2.3