Add bounds-checking to sdt $argN

1 files changed, 9 insertions, 5 deletions

diff --git a/tapsets.cxx b/tapsets.cxx
index 64657454..3ecf2250 100644
--- a/tapsets.cxx
+++ b/tapsets.cxx
@@ -3197,7 +3197,10 @@ struct sdt_var_expanding_visitor: public var_expanding_visitor
   sdt_var_expanding_visitor(string & process_name, string & probe_name,
 			    int arg_count, bool have_reg_args):
     process_name (process_name), probe_name (probe_name),
-    have_reg_args (have_reg_args), arg_count (arg_count) {}
+    have_reg_args (have_reg_args), arg_count (arg_count)
+  {
+    assert(!have_reg_args || (arg_count >= 0 && arg_count <= 10));
+  }
   string & process_name;
   string & probe_name;
   bool have_reg_args;
@@ -3221,13 +3224,14 @@ sdt_var_expanding_visitor::visit_target_symbol (target_symbol *e)
       provide(e);
       return;
     }
-  
+
+  int argno = lex_cast<int>(e->base_name.substr(4));
+  if (argno < 1 || argno > arg_count)
+    throw semantic_error ("invalid argument number", e->tok);
+
   bool lvalue = is_active_lvalue(e);
-  string argname = e->base_name.substr(1);
   functioncall *fc = new functioncall;
 
-  int argno = lex_cast<int>(argname.substr(3));
-
   if (arg_count < 6)
     {
       fc->function = "ulong_arg";