Fix range check crash issues

Author: chrisws

configure.ac

@@ -7,7 +7,7 @@ dnl This program is distributed under the terms of the GPL v2.0
 dnl Download the GNU Public License (GPL) from www.gnu.org
 dnl
 
-AC_INIT([smallbasic], [0.12.14])
+AC_INIT([smallbasic], [0.12.15])
 AC_CONFIG_SRCDIR([configure.ac])
 
 AC_CANONICAL_TARGET

debian/changelog

@@ -1,3 +1,8 @@
+smallbasic (0.12.15) unstable; urgency=low
+  * Various see web site
+
+ -- Chris Warren-Smith <cwarrensmith@gmail.com>  Fri, 28 Dec 2018 09:45:25 +1000
+
 smallbasic (0.12.14) unstable; urgency=low
   * Various see web site
 

samples/distro-examples/tests/goto.bas

@@ -0,0 +1,2 @@
+REM Don't crash when label does not exist
+goto 1

samples/distro-examples/tests/output/goto.out

@@ -0,0 +1,6 @@
+
+
+ * COMP-ERROR AT Main:2 * 
+Description:
+Label '1' is not defined
+

src/common/scan.c

@@ -3401,7 +3401,7 @@ void comp_pass2_scan() {
         w = label->ip;
 
         // adjust the address to compensate for optimisation to remove adjoining kwEOC
-        if (comp_prog.ptr[w] != kwTYPE_LINE && comp_prog.ptr[w - 1] == kwTYPE_LINE) {
+        if (w > 0 && w < comp_prog.count && comp_prog.ptr[w] != kwTYPE_LINE && comp_prog.ptr[w - 1] == kwTYPE_LINE) {
           w--;
         }
         memcpy(comp_prog.ptr + node->pos + (j * ADDRSZ) + (ADDRSZ + ADDRSZ + 3), &w, ADDRSZ);
@@ -3419,7 +3419,7 @@ void comp_pass2_scan() {
         w = label->ip;
 
         // adjust the address to compensate for optimisation to remove adjoining kwEOC
-        if (comp_prog.ptr[w] != kwTYPE_LINE && comp_prog.ptr[w - 1] == kwTYPE_LINE) {
+        if (w > 0 && w < comp_prog.count && comp_prog.ptr[w] != kwTYPE_LINE && comp_prog.ptr[w - 1] == kwTYPE_LINE) {
           w--;
         }
 
@@ -3697,12 +3697,14 @@ bcip_t comp_optimise_line_goto(bcip_t ip) {
 
   ip = comp_read_goto(ip + 1, &addr, &level);
   bcip_t goto_ip = addr;
-  if (comp_prog.ptr[goto_ip] == kwTYPE_EOC) {
+
+  // note: INVALID_ADDR is assumed to be > comp_prog.count
+  if (goto_ip < comp_prog.count && comp_prog.ptr[goto_ip] == kwTYPE_EOC) {
     new_addr = goto_ip + 1;
   }
-  while (goto_ip > 0 && comp_prog.ptr[goto_ip] == kwTYPE_LINE) {
+  while (goto_ip > -1 && comp_prog.ptr[goto_ip] == kwTYPE_LINE) {
     goto_ip += 1 + sizeof(bcip_t);
-    if (comp_prog.ptr[goto_ip] == kwGOTO) {
+    if (goto_ip < comp_prog.count && comp_prog.ptr[goto_ip] == kwGOTO) {
       code_t next_level;
       comp_read_goto(goto_ip + 1, &addr, &next_level);
       goto_ip = addr;

src/platform/android/app/build.gradle

@@ -9,8 +9,8 @@ android {
     applicationId 'net.sourceforge.smallbasic'
     minSdkVersion 16
     targetSdkVersion 27
-    versionCode 31
-    versionName "0.12.14.2"
+    versionCode 32
+    versionName "0.12.15"
     resConfigs "en"
   }
 

src/platform/console/Makefile.am

@@ -27,7 +27,7 @@ TEST_DIR=../../../samples/distro-examples/tests
 UNIT_TESTS=array break byref eval-test iifs matrices metaa ongoto \
 	         uds hash pass1 call_tau short-circuit strings stack-test \
            replace-test read-data proc optchk letbug ptr \
-           trycatch chain stream-files split-join sprint all scope
+           trycatch chain stream-files split-join sprint all scope goto
 
 test: ${bin_PROGRAMS}
 	@for utest in $(UNIT_TESTS); do                             \

src/ui/textedit.cpp

@@ -1707,15 +1707,15 @@ void TextEditInput::updateScroll() {
 
 int TextEditInput::wordEnd() {
   int i = _state.cursor;
-  while (IS_VAR_CHAR(_buf._buffer[i]) && i < _buf._len) {
+  while (i >= 0 && i < _buf._len && IS_VAR_CHAR(_buf._buffer[i])) {
     i++;
   }
   return i;
 }
 
 int TextEditInput::wordStart() {
   int cursor = _state.cursor == 0 ? 0 : _state.cursor - 1;
-  return (_buf._buffer[cursor] == '\n' ? _state.cursor :
+  return ((cursor >= 0 && cursor < _buf._len && _buf._buffer[cursor] == '\n') ? _state.cursor :
           is_word_boundary(&_buf, _state.cursor) ? _state.cursor :
           stb_textedit_move_to_word_previous(&_buf, _state.cursor));
 }