commit 3ccd61629b641613bcccbc51125330efab9c89a7 from: Russ Cox date: Thu Jan 14 15:05:50 2021 UTC sam: avoid out-of-bounds read in rterm Usually r->nused < r->nalloc and the read is in bounds. But it could in theory be right on the line and reading past the end of the allocation. Make it safe but preserve as much of the old semantics as possible. This use of rterm appears to be only for optimization purposes so the result does not matter for correctness.
commit - 6a80119eb509bd948d87ad1b84b0a82855a3c691
commit + 3ccd61629b641613bcccbc51125330efab9c89a7
blob - c96101df6d44c301a4910815ed5a6dffe05cd0f1
blob + 55d16cfb06270daf463c133461d1b77ff1f96646
--- src/cmd/sam/rasp.c
+++ src/cmd/sam/rasp.c
@@ -283,8 +283,8 @@ rterm(List *r, Posn p1)
 for(p = 0,i = 0; inused && p+L(i)<=p1; p+=L(i++))
 ;
- if(i==r->nused && (i==0 || !T(i-1)))
- return 0;
+ if(i==r->nused)
+ return i > 0 && T(i-1);
 return T(i);
 }
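Review bot: The new end-of-list branch `if(i==r->nused)` carries no comment explaining why it must not fall through to `return T(i)`, so a later cleanup could merge the two returns and reintroduce the read one slot past the used entries. I would add above it `/* i==r->nused: the scan consumed every used entry, so T(i) would index past them (out of bounds when nused==nalloc); answer from the last entry instead */`. The new return also yields exactly 0 or 1, while the fall-through still returns T(i) unnormalised. T is defined outside this hunk, so if it expands to a mask test rather than a 0/1 value, `return T(i) != 0;` would make both paths hand callers the same kind of result. rterm's signature and declarations start above the hunk.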