ref: e24d9fc715e658089ebeb81519e7dbc5218770d3
parent: 209cd8cad2cddc322a7ad66c79503bf38025cd60
author: cancel <cancel@cancel.fm>
date: Sat Dec 1 10:43:39 EST 2018
Fix potential UB caused by C99 spec wording of array offset
--- a/sim.c
+++ b/sim.c
@@ -75,11 +75,13 @@
Glyph const* gp = gbuf + w * y + x;
if (x < w && gp[1] == '*')
return true;
- if (x > 0 && gp[-1] == '*')
+ if (x > 0 && *(gp - 1) == '*')
return true;
if (y < h && gp[w] == '*')
return true;
- if (y > 0 && gp[-w] == '*')
+ // note: negative array subscript on rhs of short-circuit, may cause ub if
+ // the arithmetic under/overflows, even if guarded the guard on lhs is false
+ if (y > 0 && *(gp - w) == '*')
return true;
return false;
}
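Review bot: The neighbour checks on the new side can still read outside the row or the buffer at the edges: with `gp = gbuf + w * y + x`, the guard `x < w` admits `x == w - 1`, so `gp[1]` is the first cell of the next row (or one past the end on the last row), and `y < h` admits `y == h - 1`, so `gp[w]` lands beyond the last row; unless w and h are already width-1/height-1 here, the guards should be `x + 1 < w` and `y + 1 < h`. The `gp[-1]` to `*(gp - 1)` change is cosmetic, since that subscript is a signed constant; only the `-w` case can wrap, and only if w is unsigned, which is presumably the UB the title refers to. The added comment reads garbled ("even if guarded the guard on lhs is false") and as written suggests the short-circuit does not protect the read, so I would replace it with `// note: gp[-w] negates w before the pointer add, which wraps if w is unsigned; gp - w keeps the offset in range.` The enclosing function starts outside the hunk.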